CVE-2021-29960 — Incorrect Resource Transfer Between Spheres in Mozilla Firefox

CWE-669 — Incorrect Resource Transfer Between Spheres7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 24

Latest updateMay 24

Description

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶debiandebian/firefox< firefox 89.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 89

▶NVDmozilla/firefox78.11.0 — 89.0

▶Ubuntumozilla/firefox< 89.0+build2-0ubuntu0.18.04.2+1

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-994h-6rhw-f376: Firefox used to cache the last filename used for printing a file↗2022-05-24

▶

OSV

CVE-2021-29960: Firefox used to cache the last filename used for printing a file↗2021-06-02

▶

OSV

firefox vulnerabilities↗2021-06-02

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2021-06-02

▶

Debian

CVE-2021-29960: firefox - Firefox used to cache the last filename used for printing a file. When generatin...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-23: CVE-2021-29960↗

▶