Main Vulnerability Database Vulnerabilities #VU54684

#VU54684 Spoofing attack in Mozilla Firefox - CVE-2021-29975

Published: July 13, 2021

Vulnerability identifier: #VU54684

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-29975

CWE-ID: CWE-451

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/

#VU54684 Spoofing attack in Mozilla Firefox - CVE-2021-29975

Description

Remediation

External links

Please verify you're human