CVE-2021-23999

Name
CVE-2021-23999
Description
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=1691153
MISC https://www.mozilla.org/security/advisories/mfsa2021-15/
MISC https://www.mozilla.org/security/advisories/mfsa2021-16/
MISC https://www.mozilla.org/security/advisories/mfsa2021-14/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* firefox >= None < 88.0
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* firefox_esr >= None < 78.10
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* thunderbird >= None < 78.10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status