CVE-2021-29971

Published: Aug 5, 2021Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 90.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Before 90.0

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (4)

https://bugzilla.mozilla.org/show_bug.cgi?id=1713638

Source: security@mozilla.org

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2021-28/

Source: security@mozilla.org

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1713638

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPermissions Required

https://www.mozilla.org/security/advisories/mfsa2021-28/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.