Vulnerability Details CVE-2021-29953
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.*. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-29953
-
cpe:2.3:a:mozilla:firefox:14.0
-
cpe:2.3:a:mozilla:firefox:15.0
-
cpe:2.3:a:mozilla:firefox:16.0
-
cpe:2.3:a:mozilla:firefox:17.0
-
cpe:2.3:a:mozilla:firefox:18.0
-
cpe:2.3:a:mozilla:firefox:19.0
-
cpe:2.3:a:mozilla:firefox:21.0
-
cpe:2.3:a:mozilla:firefox:22.0
-
cpe:2.3:a:mozilla:firefox:24.0
-
cpe:2.3:a:mozilla:firefox:24.1
-
cpe:2.3:a:mozilla:firefox:25.0
-
cpe:2.3:a:mozilla:firefox:80.0
-
cpe:2.3:a:mozilla:firefox:83.0
-
cpe:2.3:a:mozilla:firefox:84.0
-
cpe:2.3:a:mozilla:firefox:84.1.3