VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ta8f-jw3f-n3gs

Essentials
Severities (25)
References (13)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ta8f-jw3f-n3gs
Aliases	CVE-2021-29987
Summary	After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to.This bug only affects Thunderbird on Linux. Other operating systems are unaffected.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-307

Improper Restriction of Excessive Authentication Attempts

System	Score	Found at
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2021-29987
cvssv2	4.3	https://nvd.nist.gov/vuln/detail/CVE-2021-29987
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2021-29987
archlinux	High	https://security.archlinux.org/AVG-2269
archlinux	High	https://security.archlinux.org/AVG-2291
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2021-33
generic_textual	high	https://www.mozilla.org/en-US/security/advisories/mfsa2021-36

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2021-29987
		https://bugzilla.mozilla.org/show_bug.cgi?id=1716129
		https://security.gentoo.org/glsa/202202-03
		https://www.mozilla.org/security/advisories/mfsa2021-33/
		https://www.mozilla.org/security/advisories/mfsa2021-36/
ASA-202108-14		https://security.archlinux.org/ASA-202108-14
AVG-2269		https://security.archlinux.org/AVG-2269
AVG-2291		https://security.archlinux.org/AVG-2291
CVE-2021-29987		https://nvd.nist.gov/vuln/detail/CVE-2021-29987
mfsa2021-33		https://www.mozilla.org/en-US/security/advisories/mfsa2021-33
mfsa2021-36		https://www.mozilla.org/en-US/security/advisories/mfsa2021-36
USN-5037-1		https://usn.ubuntu.com/5037-1/
USN-5248-1		https://usn.ubuntu.com/5248-1/

No exploits are available.

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-29987

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-29987

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.53681
EPSS Score	0.0031
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:46.971265+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2021/mfsa2021-36.yml	37.0.0