CVE-2021-29958

Published: Jun 24, 2021Modified: Jun 17, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34.

Affected (1)

Products: Mozilla: Firefox

Mozilla

1 product

Firefox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 34.0

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=1670127

Source: security@mozilla.org

Permissions RequiredVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-25/

Source: security@mozilla.org

Release NotesVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1670127

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://www.mozilla.org/security/advisories/mfsa2021-25/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.