CVE-2021-29965
N/A
N/A
Summary
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 89.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 89 | affected |
Weaknesses
- Password Manager on Firefox for Android susceptible to domain spoofing
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2021-23/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1709257
References
- https://www.mozilla.org/security/advisories/mfsa2021-23/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1709257
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.