CVE-2021-29960: 
NixOS vulnerability analysis and mitigation

CVE-2021-29960 is a privacy-related vulnerability discovered in Mozilla Firefox versions prior to 89.0. The vulnerability was disclosed on June 1, 2021, and was reported by security researcher Sebastian Hengst (Mozilla Advisory).

The vulnerability stems from Firefox's file printing mechanism, where the browser caches the last filename used for printing and typically suggests the web page title as the filename. This caching behavior, combined with the suggestion technique, could lead to the title of websites visited during private browsing mode being stored on disk, potentially compromising user privacy. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (NVD).

The primary impact of this vulnerability is the potential exposure of private browsing data, specifically website titles, through the printing function's caching mechanism. This compromises the expected privacy guarantees of Firefox's private browsing mode by inadvertently storing information that should remain temporary (Mozilla Advisory).

The vulnerability was fixed in Firefox version 89.0. Users are advised to upgrade to Firefox 89.0 or later to address this security issue. For systems using Firefox ESR, version 78.11.0 or later contains the fix (Gentoo Advisory).