CVE-2021-29953 - log back

CVE-2021-29953 edited at 05 May 2021 13:45:41
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Cross-site scripting
Description
+ A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. The issue is fixed in Firefox for Android version 88.1.3.
+
+ Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2021-20/#CVE-2021-29953
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1701684
Notes
CVE-2021-29953 created at 05 May 2021 13:44:03