Severity

Medium

Analysis Summary

CVE-2021-29968

Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when drawing text characters onto a Canvas. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain sensitive information. This bug only affects Firefox on Windows. Other operating systems are unaffected.

Impact

• Information Theft

Affected Vendors

Mozilla

Affected Products

Mozilla Firefox 88.0.0

Remediation

Upgrade to the latest version of Mozilla Firefox (89.0.1) from https://www.mozilla.org/en-US/security/advisories/mfsa2021-27/