CVE-2021-29963 — Insufficient Verification of Data Authenticity in Mozilla Firefox

CWE-345 — Insufficient Verification of Data Authenticity5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 65.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJun 24

Latest updateMay 24

Description

Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5mozilla/firefoxunspecified — 89

▶NVDmozilla/firefox< 89.0

▶debiandebian/firefox

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-vjmq-qgx6-29w9: Address bar search suggestions in private browsing mode were re-using session data from normal mode↗2022-05-24

▶

OSV

CVE-2021-29963: Address bar search suggestions in private browsing mode were re-using session data from normal mode↗2021-06-24

▶

📋Vendor Advisories

Debian

CVE-2021-29963: firefox - Address bar search suggestions in private browsing mode were re-using session da...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-23: CVE-2021-29963↗

▶