CVSS3 : 8.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
  Attack Vector          : NETWORK
  Attack Complexity      : LOW
  Privileges Required    : NONE
  User Interaction       : REQUIRED
  Scope                  : UNCHANGED
  Confidentiality Impact : HIGH
  Integrity Impact       : HIGH
  Availability Impact    : HIGH
CVSS2 : 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
  Access Vector          : NETWORK
  Access Complexity      : MEDIUM
  Authentication         : NONE
  Confidentiality Impact : PARTIAL
  Integrity Impact       : PARTIAL
  Availability Impact    : PARTIAL
EPSS  : 0.003 Low (percentile 70.3%)
Severity: High
Date : 2021-06-01
CVE-ID : CVE-2021-29959 CVE-2021-29960 CVE-2021-29961 CVE-2021-29966
CVE-2021-29967
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-2018
The package firefox before version 89.0-1 is vulnerable to multiple
issues including arbitrary code execution, content spoofing,
information disclosure and access restriction bypass.
Upgrade to 89.0-1.
The problems have been fixed upstream in version 89.0.
Workaround: None.
When a user has already allowed a website to access microphone and
camera, disabling camera sharing would not fully prevent the website
from re-enabling it without an additional prompt. This was only
possible if the website kept recording with the microphone until
re-enabling the camera.
Firefox used to cache the last filename used for printing a file. When
generating a filename for printing, Firefox usually suggests the web
page title. The caching and suggestion techniques combined may have
led to the title of a website visited during private browsing mode
being stored on disk.
When styling and rendering an oversized <select> element, Firefox did
not apply correct clipping, which allowed an attacker to paint over the
user interface.
Mozilla developers reported memory safety bugs present in Firefox 88.
Some of these bugs showed evidence of memory corruption and Mozilla
presumes that with enough effort some of these could have been
exploited to run arbitrary code.
Mozilla developers reported memory safety bugs present in Firefox 88.
Some of these bugs showed evidence of memory corruption and Mozilla
presumes that with enough effort some of these could have been
exploited to run arbitrary code.
A remote attacker could spoof the user interface, record audio and
video without an additional prompt, or execute arbitrary code through
crafted web pages. A local attacker could learn the title of a website
visited during private browsing mode.
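An added example, not part of the advisory: a fleet check that flags hosts whose firefox package is older than the fixed version 89.0-1 named above. The comparison is a simplified approximation of pacman's vercmp ordering, and the inventory, host names and function names are constructed for illustration; on an Arch host the vercmp tool itself gives the authoritative answer.

```python
import re

FIXED = "89.0-1"  # first fixed firefox package version, per the advisory

def _cmp_part(a, b):
    """Simplified rpmvercmp-style ordering of one component (not pacman's code)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alpha one
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    longer, sign = (sa, 1) if len(sa) > len(sb) else (sb, -1)
    # Extra alpha suffix ("89.0b1") sorts older; extra numeric ("89.0.1") newer.
    return -sign if longer[min(len(sa), len(sb))].isalpha() else sign

def split_evr(v):
    """Split 'epoch:version-release'; epoch defaults to 0, release may be absent."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    version, rel = rest.rsplit("-", 1) if "-" in rest else (rest, None)
    return epoch, version, rel

def vercmp(a, b):
    """Return <0, 0 or >0 as package version a is older, equal or newer than b."""
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    for x, y in ((ea, eb), (va, vb)):
        c = _cmp_part(x, y)
        if c:
            return c
    return 0 if ra is None or rb is None else _cmp_part(ra, rb)

def vulnerable_hosts(inventory):
    """Return hosts whose firefox package is older than FIXED."""
    hits = []
    for host, line in inventory:
        name, _, ver = line.strip().partition(" ")
        if name == "firefox" and ver and vercmp(ver, FIXED) < 0:
            hits.append(host)
    return hits

# Constructed inventory: (host, line as printed by `pacman -Q <package>`).
SAMPLE = [("ws-01", "firefox 88.0.1-1"), ("ws-02", "firefox 89.0-1"),
          ("ws-03", "firefox 89.0.2-1"), ("ws-04", "thunderbird 78.10.2-1"),
          ("ws-05", "firefox 88.0-2")]
```

Calling vulnerable_hosts(SAMPLE) returns the hosts still running a package from before the fix.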
https://www.mozilla.org/security/advisories/mfsa2021-23/
https://bugzilla.mozilla.org/show_bug.cgi?id=1395819
https://bugzilla.mozilla.org/show_bug.cgi?id=1675965
https://bugzilla.mozilla.org/show_bug.cgi?id=1700235
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1660307%2C1686154%2C1702948%2C1708124
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1602862%2C1703191%2C1703760%2C1704722%2C1706041
https://security.archlinux.org/CVE-2021-29959
https://security.archlinux.org/CVE-2021-29960
https://security.archlinux.org/CVE-2021-29961
https://security.archlinux.org/CVE-2021-29966
https://security.archlinux.org/CVE-2021-29967