Lucene search

K
cvelistMozillaCVELIST:CVE-2021-29987
HistoryAug 17, 2021 - 7:12 p.m.

CVE-2021-29987

2021-08-1719:12:29
mozilla
www.cve.org

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.0%

After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. This bug only affects Firefox on Linux. Other operating systems are unaffected.. This vulnerability affects Firefox < 91 and Thunderbird < 91.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "91",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Thunderbird",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "91",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.0%