CVE-2021-23999

High

Description

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1691153

https://www.mozilla.org/security/advisories/mfsa2021-14/

https://www.mozilla.org/security/advisories/mfsa2021-15/

https://www.mozilla.org/security/advisories/mfsa2021-16/

Details

Source: Mitre, NVD

Published: 2021-06-24

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High