Vulnerability CVE-2021-23999
Published: 2021-06-24

Description:
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Type:

CWE-269

 (Improper Privilege Management)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Mozilla -> Firefox 
Mozilla -> Firefox esr 
Mozilla -> Thunderbird 

 References:
https://bugzilla.mozilla.org/show_bug.cgi?id=1691153
https://www.mozilla.org/security/advisories/mfsa2021-15/
https://www.mozilla.org/security/advisories/mfsa2021-16/
https://www.mozilla.org/security/advisories/mfsa2021-14/
Copyright 2024, cxsecurity.com

 

Back to Top