PT-2021-7311 · Mozilla+4 · Firefox+4

Sebastian Hengst

Published

2021-06-01

Updated

2024-12-12

CVE-2021-29960

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 89

Description The issue is related to the lack of proper validation of incoming requests, which could allow a remote attacker to access and compromise confidential data. Additionally, there's a concern with how Firefox handles filename caching for printing, potentially leading to the storage of website titles visited during private browsing mode on disk.

Recommendations For versions prior to 89, update to version 89 or later to resolve the issue. As a temporary workaround, consider restricting the use of the printing feature until a patch is applied. Avoid using the private browsing mode for sensitive activities until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-669

Related Identifiers

ALT-PU-2021-1919

ALT-PU-2021-2725

ALT-PU-2021-2881

ALT-PU-2021-3368

ALT-PU-2021-3369

ALT-PU-2022-1781

ALT-PU-2022-1782

BDU:2022-05609

CVE-2021-29960

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-4978-1

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2021-7311 · Mozilla+4 · Firefox+4

CVE-2021-29960

Weakness Enumeration

Related Identifiers

Affected Products

References · 2186