![]() ![]() ![]() This was corrected to require user interaction with the page before a user's password would be entered by the browser's autofill functionality. Password autofill was enabled without user interaction on insecure websites on Firefox for Android. #CVE-2021-29973: Password autofill on HTTP websites was enabled without user interaction on Android Reporter Wladimir Palant working with Include Security Impact moderate Description Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. #CVE-2021-29972: Use of out-of-date library included use-after-free vulnerability Reporter Irvan Kurniawan Impact moderate DescriptionĪ user-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. #CVE-2021-30547: Out of bounds write in ANGLE Reporter (Unknown) Impact high DescriptionĪn out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. ![]() This bug only affects Firefox for Android. If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. ![]() #CVE-2021-29971: Granted permissions only compared host omitting scheme and port on Android Reporter Arturo Mejia Impact high Description This bug only affected Firefox when accessibility was enabled. #CVE-2021-29970: Use-after-free in accessibility features of a document Reporter Irvan Kurniawan Impact high DescriptionĪ malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. Mozilla Foundation Security Advisory 2021-28 Security Vulnerabilities fixed in Firefox 90 Announced JImpact high Products Firefox Fixed in ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |