CVE-2021-23999

high

Description

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1691153

https://www.mozilla.org/security/advisories/mfsa2021-15/

https://www.mozilla.org/security/advisories/mfsa2021-16/

https://www.mozilla.org/security/advisories/mfsa2021-14/

Details

Source: MITRE

Published: 2021-06-24

Updated: 2022-04-26

Type: CWE-269

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH