[MFSA-2021-20] Security Vulnerabilities fixed in Firefox 88.0.1, Firefox for Android 88.1.3
Severity
Critical
Affected Packages
2
Fixed Packages
2
CVEs
2
CVE-2021-29952: Race condition in Web Render Components (high)
When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been exploitable to run arbitrary code.CVE-2021-29953: Universal Cross-Site Scripting via pop-up prompts (critical)
By triggering multiple pop-up prompts containing <code>javascript:</code> URLs, a malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability.
Note: This issue only affected Firefox for Android. Other operating systems are unaffected.
| Package | Affected Version |
|---|---|
 pkg:mozilla/Firefox?os=android
|
< 88.1.3 |
|
pkg:mozilla/Firefox
|
< 88.0.1 |
| Package | Fixed Version |
|---|---|
|
pkg:mozilla/Firefox?os=android
|
= 88.1.3 |
|
pkg:mozilla/Firefox
|
= 88.0.1 |
- ID
- MFSA-2021-20
- Severity
- critical
- URL
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-20
- Published
-
2021-05-05T00:00:00
(3 years ago) - Modified
-
2021-05-05T00:00:00
(3 years ago) - Other Advisories
ALPINE:CVE-2021-29952
ASA-202105-5
FEDORA-2021-0d26f8a9f3
USN-4942-1| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 1704227 |
|
|
| Bugzilla | 1701684 |
|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |