CVE-2021-29965
First published: Tue Jun 01 2021(Updated: )
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that triggered the dialog. This bug only affects Firefox for Android. Other operating systems are unaffected.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <89 | 89 |
| Mozilla Firefox | <89.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-29965.
Which web browser is affected by this vulnerability?
This vulnerability affects Firefox for Android.
What is the impact of this vulnerability?
A malicious website can trick the built-in password manager in Firefox for Android to suggest passwords for the wrong website.
How can I fix this vulnerability?
Update Firefox for Android to version 89 or higher.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability at the following links: [Mozilla Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1709257) and [Mozilla Security Advisories](https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/author
- agent/severity
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/trending
- vendor/mozilla
- canonical/mozilla firefox