Vulnerabilities > CVE-2021-29961 - Incorrect Authorization vulnerability in Mozilla Firefox

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

mozilla

CWE-863

NVD

Published: 2021-06-24

Updated: 2021-09-20

Summary

When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. This vulnerability affects Firefox < 89.

Vulnerable Configurations

Part	Description	Count
Application	Mozilla Mozilla Firefox 79.0 Mozilla Firefox 80.0 Mozilla Firefox 81.0 Mozilla Firefox 82.0 Mozilla Firefox 82.0.3 Mozilla Firefox 83.0 Mozilla Firefox 84.0 Mozilla Firefox 84.0.2 Mozilla Firefox 84.1.3 Mozilla Firefox 85.0 Mozilla Firefox 85.0.1 Mozilla Firefox 85.0.2 Mozilla Firefox 87.0 Mozilla Firefox 88.0 Mozilla Firefox 88.0.1	19

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References