VDB

CVE-2021-29987

CVE-2021-29987 PUBLISHED

After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91.

EPSS 0.26% · 49.6th percentile

Risk Scores

EPSS Score
0.26%
49.6th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSfirefox73.0.1+build1-0ubuntu0.18.04.1, *, *
Ubuntu:18.04:LTSthunderbird*, 1:78.11.0+build1-0ubuntu0.18.04.2, 1:78.13.0+build1-0ubuntu0.18.04.1
Ubuntu:20.04:LTSmozjs6868.5.0-1~fakesync, 68.5.0-2~fakesync, 68.6.0-1
Ubuntu:20.04:LTSfirefox*, 73.0+build1-0ubuntu1, 73.0+build2-0ubuntu1
Ubuntu:18.04:LTSmozjs3838.8.0~repack1-0ubuntu1, 38.8.0~repack1-0ubuntu3, 38.8.0~repack1-0ubuntu4
Ubuntu:20.04:LTSthunderbird*, 1:78.14.0+build1-0ubuntu0.20.04.2, 1:78.13.0+build1-0ubuntu0.20.04.2
Ubuntu:22.04:LTSmozjs7878.13.0-1, 78.15.0-2, 78.15.0-4ubuntu1
Ubuntu:20.04:LTSmozjs5252.9.1-1build1, 52.9.1-1ubuntu3, 0
Ubuntu:18.04:LTSmozjs5252.9.1-0ubuntu0.18.04.1, 52.8.1-0ubuntu0.18.04.1, 52.3.1-7fakesync1

Timeline

  • Aug 11, 2021 CVE Published
  • Aug 18, 2021 EPSS Score
  • Oct 15, 2021 EPSS Score
  • Dec 13, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 9, 2022 EPSS Score
  • Feb 22, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 9, 2022 EPSS Score
  • Jun 6, 2022 EPSS Score
  • Oct 2, 2022 EPSS Score
  • Nov 30, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›