CVE-2021-29955 Information

Description

A transient execution vulnerability named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability Speculative Code Store Bypass (SCSB) did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

https://www.mozilla.org/security/advisories/mfsa2021-11/ https://www.mozilla.org/security/advisories/mfsa2021-10/ https://bugzilla.mozilla.org/show_bug.cgi?id=1692972

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3