Vulnerabilities > CVE-2021-29959 - Incorrect Authorization vulnerability in Mozilla Firefox

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

mozilla

CWE-863

NVD

Published: 2021-06-24

Updated: 2022-07-12

Summary

When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This vulnerability affects Firefox < 89.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox 78.11.0 Mozilla Firefox 78.12.0 Mozilla Firefox 78.13.0 Mozilla Firefox 78.14.0 Mozilla Firefox 78.15.0 Mozilla Firefox 79.0 Mozilla Firefox 80.0 Mozilla Firefox 80.0.1 Mozilla Firefox 81.0 Mozilla Firefox 81.0.1 Mozilla Firefox 81.0.2 Mozilla Firefox 82.0 Mozilla Firefox 82.0.1 Mozilla Firefox 82.0.2 Mozilla Firefox 82.0.3 Mozilla Firefox 83.0 Mozilla Firefox 84.0 Mozilla Firefox 84.0.1 Mozilla Firefox 84.0.2 Mozilla Firefox 84.1.3 Mozilla Firefox 85.0 Mozilla Firefox 85.0.1 Mozilla Firefox 85.0.2 Mozilla Firefox 86.0 Mozilla Firefox 86.0.1 Mozilla Firefox 87.0 Mozilla Firefox 88.0 Mozilla Firefox 88.0.1	42

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References