PT-2021-6780 · Mozilla+5 · Thunderbird+6

Irvan Kurniawan

·

Published

2021-06-12

·

Updated

2024-12-12

·

CVE-2021-29987

CVSS v2.0

7.1

High

VectorAV:N/AC:M/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 91 Thunderbird versions prior to 91
Description The issue is related to the incorrect handling of multiple permission panels in Firefox and Thunderbird, allowing an attacker to trick a user into accepting unwanted permissions. This can lead to unauthorized access to confidential data. The problem specifically affects Firefox on Linux, with other operating systems being unaffected.
Recommendations For Firefox versions prior to 91, update to version 91 or later to resolve the issue. For Thunderbird versions prior to 91, update to version 91 or later to resolve the issue. As a temporary workaround, consider avoiding the use of multiple permission panels in Firefox on Linux until a patch is available.

Exploit

Fix

Improper Restriction of Excessive Authentication Attempts

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-307

Related Identifiers

ALT-PU-2021-2488
ALT-PU-2021-2636
ALT-PU-2021-2718
ALT-PU-2021-2725
ALT-PU-2021-2849
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2022-1782
BDU:2022-02172
CVE-2021-29987
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2021:1367-1
OPENSUSE-SU-2021:1635-1
OPENSUSE-SU-2021:3331-1
OPENSUSE-SU-2021:3451-1
OPENSUSE-SU-2021:4150-1
OPENSUSE-SU-2021_1367-1
OPENSUSE-SU-2021_1635-1
OPENSUSE-SU-2021_3331-1
OPENSUSE-SU-2021_3451-1
OPENSUSE-SU-2021_4150-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2021:14821-1
SUSE-SU-2021:14826-1
SUSE-SU-2021:3191-1
SUSE-SU-2021:3331-1
SUSE-SU-2021:3451-1
SUSE-SU-2021:4150-1
SUSE-SU-2021_14821-1
SUSE-SU-2021_14826-1
SUSE-SU-2022:1577-1
SUSE-SU-2022:1582-1
SUSE-SU-2022_1577-1
SUSE-SU-2022_1582-1
USN-5037-1
USN-5037-2
USN-5248-1

Affected Products

Alt Linux
Astra Linux
Firefox
Linuxmint
Suse
Thunderbird
Ubuntu