Main Vulnerability Database Vulnerabilities #VU55686

Insufficient UI Warning of Dangerous Operations in Mozilla Firefox - CVE-2021-29987

Published: August 10, 2021

Vulnerability identifier: #VU55686

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-29987

CWE-ID: CWE-357

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the way Firefox displays permission panels. After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to.

Note, the vulnerability affects Linux installations only.

How to mitigate CVE-2021-29987

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/

Insufficient UI Warning of Dangerous Operations in Mozilla Firefox - CVE-2021-29987

Detailed vulnerability description

How to mitigate CVE-2021-29987

Sources

Please verify you're human