CVE-2021-29960 - OpenCVE

Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1675965	Issue Tracking Permissions Required Vendor Advisory
https://security.gentoo.org/glsa/202107-09	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2021-23/	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2021-06-24T13:16:36

Updated: 2021-07-07T09:06:20

Reserved: 2021-04-01T00:00:00

Link: CVE-2021-29960

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-24T14:15:10.200

Modified: 2021-09-20T18:48:51.937

Link: CVE-2021-29960

JSON object: View

Redhat Information

No data.

CWE

CWE-669

{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "89", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89."}], "problemTypes": [{"descriptions": [{"description": "Filenames printed from private browsing mode incorrectly retained in preferences", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-07T09:06:20", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-23/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1675965"}, {"name": "GLSA-202107-09", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202107-09"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2021-29960", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "89"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Filenames printed from private browsing mode incorrectly retained in preferences"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2021-23/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2021-23/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1675965", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1675965"}, {"name": "GLSA-202107-09", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202107-09"}]}}}}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2021-29960", "datePublished": "2021-06-24T13:16:36", "dateReserved": "2021-04-01T00:00:00", "dateUpdated": "2021-07-07T09:06:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "7666F029-1D36-424D-B847-32CF4EE6F884", "versionEndExcluding": "89.0", "versionStartIncluding": "78.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Firefox used to cache the last filename used for printing a file. When generating a filename for printing, Firefox usually suggests the web page title. The caching and suggestion techniques combined may have lead to the title of a website visited during private browsing mode being stored on disk. This vulnerability affects Firefox < 89."}, {"lang": "es", "value": "Firefox sol\u00eda almacenar en cach\u00e9 el \u00faltimo nombre de archivo utilizado para imprimir un archivo. Al generar un nombre de archivo para imprimir, Firefox usualmente sugiere el t\u00edtulo de la p\u00e1gina web. Las t\u00e9cnicas de cach\u00e9 y de sugerencia combinadas pueden haber conllevado a que el t\u00edtulo de una p\u00e1gina web visitada durante el modo de navegaci\u00f3n privada se almacene en el disco. Esta vulnerabilidad afecta a Firefox versiones anteriores a 89"}], "id": "CVE-2021-29960", "lastModified": "2021-09-20T18:48:51.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-24T14:15:10.200", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1675965"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202107-09"}, {"source": "security@mozilla.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2021-23/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-669"}], "source": "nvd@nist.gov", "type": "Primary"}]}