Vulnerability CVE-2021-29971: Information

Description

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-29971

Published: Aug. 5, 2021

Modified: Aug. 12, 2021

Error type identifier: CWE-281

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	90.0-alt1	127.0-alt1	ALT-PU-2021-2261-1	278794	Fixed
firefox	p10	90.0-alt1	118.0.2-alt0.p10.1	ALT-PU-2021-2261-1	278794	Fixed
firefox	p9	93.0-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2022-1782-1	288073	Fixed
firefox	c10f1	90.0-alt1	112.0.2-alt0.p10.1	ALT-PU-2021-2261-1	278794	Fixed
firefox	c9f2	93.0-alt0.p9.1	105.0.1-alt0.c9.1	ALT-PU-2021-3368-1	288792	Fixed
firefox	p11	90.0-alt1	126.0.1-alt1	ALT-PU-2021-2261-1	278794	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1713638	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2021-28/	Vendor Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*
  End excliding
  90.0

Version: v24.5.3

Vulnerability CVE-2021-29971: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1