CVE-2021-29975
published 2021-08-05

Priority: P4 | 28 | medium | 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 0.97% (57.4th percentile)

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 90.0-1 (sid) | firefox 90.0-1 (sid) |
| mozilla | firefox | < 90.0 | 90.0 |
| mozilla | firefox | | |
| mozilla | firefox | >= 0 < 90.0+build1-0ubuntu0.18.04.1 | 90.0+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 90.0+build1-0ubuntu0.20.04.1 | 90.0+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 90 | 90 |

CVSS provenance

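| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |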