#VU55681 Resource management error in Firefox for Android - CVE-2021-29983
Vulnerability identifier: #VU55681
Vulnerability risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Firefox for Android
Mobile applications /
Apps for mobile phones
Vendor: Mozilla
Description
The vulnerability allows a remote attacker to perform clickjacking attack.
The vulnerability exists due to improper management of internal resources within the application. Firefox for Android can get stuck in fullscreen mode and not exit it
even after normal interactions that should cause it to exit. A remote attacker can abuse this to trick the victim into revealing sensitive information.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Firefox for Android: 80.1.2 - 90.1.3
External links
https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
