Vulnerability Description
A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 87.0 |
| Mozilla | Firefox Esr | < 78.9 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1692972Permissions RequiredVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-10/Release NotesVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-11/Release NotesVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1692972Permissions RequiredVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-10/Release NotesVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-11/Release NotesVendor Advisory
FAQ
What is CVE-2021-29955?
CVE-2021-29955 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related...
How severe is CVE-2021-29955?
CVE-2021-29955 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-29955?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox Esr.