Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ubmh-fmpu-fuff
Vulnerability ID VCID-ubmh-fmpu-fuff
Aliases CVE-2021-29973
Summary Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality.*This bug only affects Firefox for Android. Other operating systems are unaffected.*
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2021-29973
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2021-29973
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2021-29973
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2021-29973
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2021-29973
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2021-29973
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2021-29973
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2021-29973
epss 0.0034 https://api.first.org/data/v1/epss?cve=CVE-2021-29973
archlinux High https://security.archlinux.org/AVG-2149
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2021-28
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-29973
AVG-2149 https://security.archlinux.org/AVG-2149
mfsa2021-28 https://www.mozilla.org/en-US/security/advisories/mfsa2021-28
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.56625
EPSS Score 0.0034
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:17:09.401249+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2021/mfsa2021-28.yml 38.0.0