CVE-2021-29955

A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. (A related vulnerability, Speculative Code Store Bypass (SCSB), did not affect Firefox.). This vulnerability affects Firefox ESR < 78.9 and Firefox < 87.

Published: Jun 24, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-29955
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	87.0
mozilla / firefox_esr	-	78.9

https://bugzilla.mozilla.org/show_bug.cgi?id=1692972
https://www.mozilla.org/security/advisories/mfsa2021-10/
https://www.mozilla.org/security/advisories/mfsa2021-11/

Vulnerability Database

290,301

CVE-2021-29955