[MFSA-2021-20] Security Vulnerabilities fixed in Firefox 88.0.1, Firefox for Android 88.1.3
Severity: Critical
Affected Packages: 2
Fixed Packages: 2
CVEs: 2

CVE-2021-29952: Race condition in Web Render Components (high)
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort it may have been exploitable to run arbitrary code.

CVE-2021-29953: Universal Cross-Site Scripting via pop-up prompts (critical)
By triggering multiple pop-up prompts containing `javascript:` URLs, a malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability.
Note: This issue only affected Firefox for Android. Other operating systems are unaffected.

Package | Affected Version |
---|---|
pkg:mozilla/Firefox?os=android | < 88.1.3 |
pkg:mozilla/Firefox | < 88.0.1 |

Package | Fixed Version |
---|---|
pkg:mozilla/Firefox?os=android | = 88.1.3 |
pkg:mozilla/Firefox | = 88.0.1 |

- ID: MFSA-2021-20
- Severity: critical
- URL: https://www.mozilla.org/en-US/security/advisories/mfsa2021-20
- Published: 2021-05-05T00:00:00
- Modified: 2021-05-05T00:00:00

Other Advisories

Source | ID | URL |
---|---|---|
Bugzilla | 1704227 | https://bugzilla.mozilla.org/show_bug.cgi?id=1704227 |
Bugzilla | 1701684 | https://bugzilla.mozilla.org/show_bug.cgi?id=1701684 |