PT-2021-3661 · Mozilla+1 · Firefox For Android+1
Arturo Mejia · Published 2021-07-13 · Updated 2024-12-12 · CVE-2021-29971
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Firefox for Android versions prior to 90
Description
Insufficient access control in Firefox for Android allowed any webpage running on the same host to be granted permissions previously saved by a user, regardless of the scheme or port. This could allow a remote attacker to elevate their privileges. The vulnerability only affects Firefox for Android; other operating systems are unaffected.
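The keying flaw described above, modeled as an added example (not Firefox for Android code and not part of the advisory): a toy permission store keyed by host alone beside one keyed by the full origin. The `PermissionStore` class, the helper names, the `camera` permission and the `example.test` URLs are constructed for illustration.

```javascript
// Added illustration; a toy permission store, not Firefox for Android code.
class PermissionStore {
  // keyFn maps a URL to the key a saved grant is bound to (null = never store).
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.grants = new Map(); // key -> Set of permission names
  }
  save(url, permission) {
    const key = this.keyFn(url);
    if (key === null) return false; // refuse to persist a grant without a usable key
    if (!this.grants.has(key)) this.grants.set(key, new Set());
    this.grants.get(key).add(permission);
    return true;
  }
  isGranted(url, permission) {
    const key = this.keyFn(url);
    return key !== null && this.grants.has(key) && this.grants.get(key).has(permission);
  }
}

// Weak key: host only. Scheme and port are dropped, as in the description above.
const hostKey = (url) => new URL(url).hostname;

// Corrected key: full origin (scheme + host + port). Opaque origins serialise
// to the string "null"; treat them as unkeyable so they never share a grant.
const originKey = (url) => {
  const origin = new URL(url).origin;
  return origin === "null" ? null : origin;
};

// Returns the candidate URLs that inherit a grant saved for savedUrl.
function inheritedBy(keyFn, savedUrl, permission, candidates) {
  const store = new PermissionStore(keyFn);
  store.save(savedUrl, permission);
  return candidates.filter((url) => store.isGranted(url, permission));
}

// Constructed sample data: example.test is a reserved test domain.
const SAVED = "https://example.test/";
const CANDIDATES = [
  "https://example.test/app",    // same origin
  "http://example.test/",        // same host, different scheme
  "https://example.test:8443/",  // same host, different port
  "https://other.example.test/", // different host
];

console.log("host-keyed:  ", inheritedBy(hostKey, SAVED, "camera", CANDIDATES));
console.log("origin-keyed:", inheritedBy(originKey, SAVED, "camera", CANDIDATES));
```

With the host key, the grant saved for the HTTPS page is also honoured for the plain-HTTP and port-8443 pages; with the origin key only the same-origin page inherits it.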
Recommendations
Update Firefox for Android versions prior to 90 to version 90 or later to resolve the issue. As a temporary workaround, consider restricting saved permission grants for webpages to minimize the risk of exploitation.
Fix
Improper Preservation of Permissions
Related Identifiers
Affected Products
Alt Linux
Firefox For Android