Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2021-29963

HistoryJun 24, 2021 - 2:15 p.m.

CVE-2021-29963

2021-06-2414:15:10

Debian Security Bug Tracker

security-tracker.debian.org

firefox

address bar

vulnerability

android

operating systems

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

36.1%

JSON

Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 89.

OSVersionArchitecturePackageVersionFilename
Debian999allfirefox< 130.0-2firefox_130.0-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	999	all	firefox	< 130.0-2	firefox_130.0-2_all.deb

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

36.1%

JSON

Related for DEBIANCVE:CVE-2021-29963