CVE-2021-29965 - log back

CVE-2021-29965 edited at 01 Jun 2021 19:39:43
Description
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog.
- This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 89.
+ This bug only affects Firefox for Android. Other operating systems are unaffected.
References
https://www.mozilla.org/security/advisories/mfsa2021-23/
https://bugzilla.mozilla.org/show_bug.cgi?id=1709257
Notes
CVE-2021-29965 edited at 01 Jun 2021 13:17:15
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog.
+
+ This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 89.
References
+ https://www.mozilla.org/security/advisories/mfsa2021-23/
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1709257
CVE-2021-29965 created at 01 Jun 2021 13:16:58