Search for vulnerabilities
Vulnerability details: VCID-n1ts-k7a5-aaac
Vulnerability ID VCID-n1ts-k7a5-aaac
Aliases CVE-2021-29987
Summary After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 91 and Thunderbird < 91.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-307 Improper Restriction of Excessive Authentication Attempts
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29987.html
epss 0.00120 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00120 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00120 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00120 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00168 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00176 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.00198 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss 0.0031 https://api.first.org/data/v1/epss?cve=CVE-2021-29987
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29987
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29987
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29987
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29987
archlinux High https://security.archlinux.org/AVG-2269
archlinux High https://security.archlinux.org/AVG-2291
generic_textual Medium https://ubuntu.com/security/notices/USN-5037-1
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2021-33
generic_textual Medium https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29987
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2021-36
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-29987.html
https://api.first.org/data/v1/epss?cve=CVE-2021-29987
https://bugzilla.mozilla.org/show_bug.cgi?id=1716129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29987
https://security.gentoo.org/glsa/202202-03
https://ubuntu.com/security/notices/USN-5037-1
https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29987
https://www.mozilla.org/security/advisories/mfsa2021-33/
https://www.mozilla.org/security/advisories/mfsa2021-36/
ASA-202108-14 https://security.archlinux.org/ASA-202108-14
AVG-2269 https://security.archlinux.org/AVG-2269
AVG-2291 https://security.archlinux.org/AVG-2291
CVE-2021-29987 https://nvd.nist.gov/vuln/detail/CVE-2021-29987
mfsa2021-33 https://www.mozilla.org/en-US/security/advisories/mfsa2021-33
mfsa2021-36 https://www.mozilla.org/en-US/security/advisories/mfsa2021-36
USN-5037-1 https://usn.ubuntu.com/5037-1/
USN-5248-1 https://usn.ubuntu.com/5248-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-29987
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-29987
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-29987
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.46718
EPSS Score 0.00120
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.