Vulnerability CVE-2021-23999: Information

Description

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Published: June 24, 2021
Modified: April 26, 2022
Error type identifier: CWE-269, CWE-697

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| firefox | sisyphus | 88.0-alt1 | 125.0.2-alt1 | ALT-PU-2021-1676-1 | 270325 | Fixed |
| firefox | p10 | 88.0-alt1 | 118.0.2-alt0.p10.1 | ALT-PU-2021-1676-1 | 270325 | Fixed |
| firefox | p9 | 93.0-alt0.p9.1 | 105.0.1-alt0.c9.1 | ALT-PU-2022-1782-1 | 288073 | Fixed |
| firefox | c10f1 | 88.0-alt1 | 112.0.2-alt0.p10.1 | ALT-PU-2021-1676-1 | 270325 | Fixed |
| firefox | c9f2 | 93.0-alt0.p9.1 | 105.0.1-alt0.c9.1 | ALT-PU-2021-3368-1 | 288792 | Fixed |
| firefox-esr | sisyphus | 78.10.0-alt1 | 115.10.0-alt1 | ALT-PU-2021-1687-1 | 270388 | Fixed |
| firefox-esr | p10 | 91.1.0-alt1 | 115.10.0-alt1 | ALT-PU-2021-2881-1 | 284980 | Fixed |
| firefox-esr | p9 | 78.10.0-alt0.1.p9 | 102.11.0-alt0.c9.1 | ALT-PU-2021-1701-1 | 270404 | Fixed |
| firefox-esr | c10f1 | 91.1.0-alt1 | 115.9.1-alt0.c10.1 | ALT-PU-2021-2881-1 | 284980 | Fixed |
| firefox-esr | c9f2 | 78.10.0-alt0.1.c9 | 102.12.0-alt0.c9.1 | ALT-PU-2021-1718-1 | 270451 | Fixed |
| thunderbird | sisyphus | 78.10.1-alt1 | 115.9.0-alt1 | ALT-PU-2021-1804-1 | 267593 | Fixed |
| thunderbird | p10 | 78.10.1-alt1 | 115.9.0-alt1 | ALT-PU-2021-1804-1 | 267593 | Fixed |
| thunderbird | p9 | 78.10.2-alt0.1.p9 | 102.11.0-alt0.c9.1 | ALT-PU-2021-1892-1 | 271859 | Fixed |
| thunderbird | c10f1 | 78.10.1-alt1 | 115.9.0-alt0.c10.1 | ALT-PU-2021-1804-1 | 267593 | Fixed |
| thunderbird | c9f2 | 78.10.2-alt0.c9.1 | 102.11.0-alt0.c9.1 | ALT-PU-2021-1886-1 | 272274 | Fixed |

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excluding
      78.10

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excluding
      88.0

      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excluding
      78.10