CVE-2021-29944

Summary

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 88.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 88affected

Weaknesses

  • HTML injection vulnerability in Firefox for Android's Reader View

ADP Enrichment

CVE Program Container

Additional References

References