PT-2021-7343 · Mozilla+1 · Firefox For Android+2

Wladimir Palant

Published

2021-05-05

Updated

2023-09-22

CVE-2021-29953

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 88.0.1 Firefox for Android versions prior to 88.1.3

Description A malicious webpage could force a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting issue. This issue only affects Firefox for Android, with other operating systems being unaffected. The vulnerability can be exploited by a remote attacker using a specially crafted link, allowing for a cross-site scripting (XSS) attack.

Recommendations For Firefox versions prior to 88.0.1, update to version 88.0.1 or later. For Firefox for Android versions prior to 88.1.3, update to version 88.1.3 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2021-1771

ALT-PU-2021-3368

ALT-PU-2022-1782

BDU:2022-05742

CVE-2021-29953

OESA-2023-1673

OESA-2023-1674

Affected Products

Alt Linux

Firefox

Firefox For Android

PT-2021-7343 · Mozilla+1 · Firefox For Android+2

CVE-2021-29953

Weakness Enumeration

Related Identifiers

Affected Products

References · 300