VDB
CVE-2021-29955
CVE-2021-29955
PUBLISHED
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.
EPSS 0.88% · 75.8th percentile
Risk Scores
EPSS Score
0.88%
75.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | mozjs52 | 0, 52.3.1-0ubuntu3, 52.8.1-0ubuntu0.18.04.1 |
| Ubuntu:20.04:LTS | mozjs52 | 0, 52.9.1-1ubuntu3, 52.9.1-1build1 |
| Ubuntu:18.04:LTS | mozjs38 | *, 0, 38.8.0~repack1-0ubuntu1 |
| Ubuntu:22.04:LTS | mozjs78 | 78.15.0-4ubuntu1, 0, 78.13.0-1 |
| Ubuntu:20.04:LTS | mozjs68 | 68.5.0-1~fakesync, 0, 68.6.0-1ubuntu1 |
Timeline
- Jun 24, 2021 CVE Published
- Jun 25, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 23, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 21, 2022 EPSS Score
- Apr 22, 2022 EPSS Score
- Jun 21, 2022 EPSS Score
- Aug 22, 2022 EPSS Score
- Oct 21, 2022 EPSS Score
- Feb 18, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-29955 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-10/#CVE-2021-29955 third-party-advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-29955 third-party-advisory
- https://www.mozilla.org/security/advisories/mfsa2021-11/ third-party-advisory
- https://www.mozilla.org/security/advisories/mfsa2021-10/ third-party-advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1692972 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-29955 third-party-advisory