CVE-2021-23999

Summary

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 78.10affected
MozillaThunderbirdunspecified < 78.10affected
MozillaFirefoxunspecified < 88affected

Weaknesses

  • Blob URLs may have been granted additional privileges

ADP Enrichment

CVE Program Container

Additional References

References