CVE-2021-23999 — Improper Privilege Management in Mozilla Firefox
Severity: 8.8 HIGH (NVD), 7.4 (OSV)
EPSS: 0.2% (top 64.08%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 24
Latest update: May 24
Description
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 9 packages
🔴 Vulnerability Details (6)
GHSA
GHSA-f4hx-f2xg-27cv: If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges th (2022-05-24)
OSV
CVE-2021-23999: If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges th (2021-06-24)
CVEList
CVE-2021-23999: If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges th (2021-06-24)
📋 Vendor Advisories (8)
Debian
CVE-2021-23999: firefox - If a Blob URL was loaded through some unusual user interaction, it could have be... (2021)