VDB
CVE-2021-29944
CVE-2021-29944
PUBLISHED
Reported by mozilla · Published June 24, 2021
Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 88.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | unspecified |
| Mozilla | Firefox | unspecified |
| alpine | firefox | 0, 0, 0 |
| alpine | librewolf | 0, 0, 0 |
Timeline
- Jun 24, 2021 CVE Published
- Jun 25, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 24, 2021 EPSS Score
- Dec 23, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 21, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 23, 2022 EPSS Score
- Jun 22, 2022 EPSS Score
- Aug 22, 2022 EPSS Score
- Oct 21, 2022 EPSS Score