CVE-2021-29971

Summary

If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 90.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 90affected

Weaknesses

  • Granted permissions only compared host; omitting scheme and port on Android

ADP Enrichment

CVE Program Container

Additional References

References