CVE-2021-29955

Published: Jun 24, 2021Modified: Jun 17, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.

Affected (2)

Products: Mozilla: Firefox, Firefox Esr

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 87.0
Mozilla Firefox Esr	Before 78.9

Related CWEs

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (6)

https://bugzilla.mozilla.org/show_bug.cgi?id=1692972

Source: security@mozilla.org

Permissions RequiredVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-10/

Source: security@mozilla.org

Release NotesVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-11/

Source: security@mozilla.org

Release NotesVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1692972

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-10/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-11/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.