CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29958
https://notcve.org/view.php?id=CVE-2021-29958
When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. This vulnerability affects Firefox for iOS < 34. Cuando se iniciaba una descarga, el cliente no comprobaba si estaba en modo de navegación normal o privado, lo que conllevaba a que las cookies del modo privado se compartieran en el modo de navegación normal. Esta vulnerabilidad afecta a Firefox para iOS versiones anteriores a 34 • https://bugzilla.mozilla.org/show_bug.cgi?id=1670127 https://www.mozilla.org/security/advisories/mfsa2021-25 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29961
https://notcve.org/view.php?id=CVE-2021-29961
When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89. Al estilizar y renderizar un elemento "(select)" de gran tamaño, Firefox no aplicaba un recorte correcto que permitía a un atacante pintar sobre la interfaz de usuario. Esta vulnerabilidad afecta a Firefox versiones anteriores a 89 • https://bugzilla.mozilla.org/show_bug.cgi?id=1700235 https://security.gentoo.org/glsa/202107-09 https://www.mozilla.org/security/advisories/mfsa2021-23 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29962
https://notcve.org/view.php?id=CVE-2021-29962
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. Firefox para Android se volvía inestable y difícil de recuperar cuando un sitio web abría demasiadas ventanas emergentes. • https://bugzilla.mozilla.org/show_bug.cgi?id=1701673 https://www.mozilla.org/security/advisories/mfsa2021-23 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-29963
https://notcve.org/view.php?id=CVE-2021-29963
Address bar search suggestions in private browsing mode were re-using session data from normal mode. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89. Las sugerencias de búsqueda de la barra de direcciones en el modo de navegación privada reusaban los datos de la sesión del modo normal. • https://bugzilla.mozilla.org/show_bug.cgi?id=1705068 https://www.mozilla.org/security/advisories/mfsa2021-23 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29964
https://notcve.org/view.php?id=CVE-2021-29964
A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process incorrectly, leading to an out-of-bounds read. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.11, Firefox < 89, and Firefox ESR < 78.11. Un programa hostil instalado localmente podría enviar mensajes "WM_COPYDATA" que Firefox procesaría incorrectamente, conllevando una lectura fuera de límites. • https://bugzilla.mozilla.org/show_bug.cgi?id=1706501 https://www.mozilla.org/security/advisories/mfsa2021-23 https://www.mozilla.org/security/advisories/mfsa2021-24 https://www.mozilla.org/security/advisories/mfsa2021-26 • CWE-125: Out-of-bounds Read •