A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1692972 | Permissions Required Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2021-10/ | Release Notes Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2021-11/ | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2021-06-24T13:17:46
Updated: 2021-06-24T13:17:46
Reserved: 2021-04-01T00:00:00
Link: CVE-2021-29955
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-24T14:15:10.053
Modified: 2021-06-30T16:48:11.797
Link: CVE-2021-29955
JSON object: View
Redhat Information
No data.
CWE