CVE-2021-29955

{"id": "CVE-2021-29955", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2021-06-24T14:15:10.053", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1692972", "tags": ["Permissions Required", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2021-10/", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2021-11/", "tags": ["Release Notes", "Vendor Advisory"], "source": "security@mozilla.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n transitoria, denominada Floating Point Value Injection (FPVI) permit\u00eda a un atacante filtrar direcciones de memoria arbitrarias y tambi\u00e9n podr\u00eda haber permitido ataques de confusi\u00f3n de tipo JIT. (Una vulnerabilidad relacionada, Speculative Code Store Bypass (SCSB), no afecta a Firefox). Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.9 y Firefox versiones anteriores a 87"}], "lastModified": "2021-06-30T16:48:11.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3533FF74-0FD6-447B-9C37-D491D18EA529", "versionEndExcluding": "87.0"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "907D294D-2667-4A67-A4B7-2DDE46BE592D", "versionEndExcluding": "78.9"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}