CVE-2021-29955
Last modified
CVE-2021-29955 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). EPSS estimates a 1.52% chance of exploitation in the next 30 days.
Description
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 87.0 |
| Mozilla | Firefox Esr | < 78.9 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1692972Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-10/Release Notes, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-11/Release Notes, Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1692972Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-10/Release Notes, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-11/Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-29955?
How severe is CVE-2021-29955?
How do I fix CVE-2021-29955?
Are you affected by CVE-2021-29955?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST