CVE-2021-29975 — Mozilla Firefox vulnerability

6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 39.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedAug 5

Latest updateMay 24

Description

Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/firefox< firefox 90.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 90

▶NVDmozilla/firefox< 90.0

▶Ubuntumozilla/firefox< 90.0+build1-0ubuntu0.18.04.1+1

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-j6fq-x87m-xrqh: Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top↗2022-05-24

▶

OSV

CVE-2021-29975: Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top↗2021-07-15

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2021-07-16

▶

Debian

CVE-2021-29975: firefox - Through a series of DOM manipulations, a message, over which the attacker had co...↗2021

▶

Mozilla

Mozilla Foundation Security Advisory 2021-28: CVE-2021-29975↗

▶