CVE-2021-23999
N/A
N/A
Summary
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox ESR | unspecified < 78.10 | affected |
| Mozilla | Thunderbird | unspecified < 78.10 | affected |
| Mozilla | Firefox | unspecified < 88 | affected |
Weaknesses
- Blob URLs may have been granted additional privileges
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2021-14/
- https://www.mozilla.org/security/advisories/mfsa2021-16/
- https://www.mozilla.org/security/advisories/mfsa2021-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1691153
References
- https://www.mozilla.org/security/advisories/mfsa2021-14/
- https://www.mozilla.org/security/advisories/mfsa2021-16/
- https://www.mozilla.org/security/advisories/mfsa2021-15/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1691153
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.