CVE-2021-29973 Information
Jun 07, 2022
cve
Description
Password autofill was enabled without user interaction on insecure websites on Firefox for Android. This was corrected to require user interaction with the page before a user’s password would be entered by the browser’s autofill functionality This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 90.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://bugzilla.mozilla.org/show_bug.cgi?id=1701932 https://www.mozilla.org/security/advisories/mfsa2021-28/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: