Vulnerability Description
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 88.0 |
| Mozilla | Firefox Esr | < 78.10 |
| Mozilla | Thunderbird | < 78.10 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1691153ExploitIssue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-14/Release NotesVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-15/Release NotesVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-16/Release NotesVendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1691153ExploitIssue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-14/Release NotesVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-15/Release NotesVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2021-16/Release NotesVendor Advisory
FAQ
What is CVE-2021-23999?
CVE-2021-23999 is a vulnerability with a CVSS score of 8.8 (HIGH). If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vuln...
How severe is CVE-2021-23999?
CVE-2021-23999 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23999?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Firefox Esr, Mozilla Thunderbird.