Vulnerability CVE-2021-23999: Information
Description
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: June 24, 2021
Modified: April 26, 2022
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
firefox | sisyphus | 88.0-alt1 | 125.0.2-alt1 | ALT-PU-2021-1676-1 | 270325 | Fixed |
firefox | p10 | 88.0-alt1 | 118.0.2-alt0.p10.1 | ALT-PU-2021-1676-1 | 270325 | Fixed |
firefox | p9 | 93.0-alt0.p9.1 | 105.0.1-alt0.c9.1 | ALT-PU-2022-1782-1 | 288073 | Fixed |
firefox | c10f1 | 88.0-alt1 | 112.0.2-alt0.p10.1 | ALT-PU-2021-1676-1 | 270325 | Fixed |
firefox | c9f2 | 93.0-alt0.p9.1 | 105.0.1-alt0.c9.1 | ALT-PU-2021-3368-1 | 288792 | Fixed |
firefox-esr | sisyphus | 78.10.0-alt1 | 115.10.0-alt1 | ALT-PU-2021-1687-1 | 270388 | Fixed |
firefox-esr | p10 | 91.1.0-alt1 | 115.10.0-alt1 | ALT-PU-2021-2881-1 | 284980 | Fixed |
firefox-esr | p9 | 78.10.0-alt0.1.p9 | 102.11.0-alt0.c9.1 | ALT-PU-2021-1701-1 | 270404 | Fixed |
firefox-esr | c10f1 | 91.1.0-alt1 | 115.9.1-alt0.c10.1 | ALT-PU-2021-2881-1 | 284980 | Fixed |
firefox-esr | c9f2 | 78.10.0-alt0.1.c9 | 102.12.0-alt0.c9.1 | ALT-PU-2021-1718-1 | 270451 | Fixed |
thunderbird | sisyphus | 78.10.1-alt1 | 115.9.0-alt1 | ALT-PU-2021-1804-1 | 267593 | Fixed |
thunderbird | p10 | 78.10.1-alt1 | 115.9.0-alt1 | ALT-PU-2021-1804-1 | 267593 | Fixed |
thunderbird | p9 | 78.10.2-alt0.1.p9 | 102.11.0-alt0.c9.1 | ALT-PU-2021-1892-1 | 271859 | Fixed |
thunderbird | c10f1 | 78.10.1-alt1 | 115.9.0-alt0.c10.1 | ALT-PU-2021-1804-1 | 267593 | Fixed |
thunderbird | c9f2 | 78.10.2-alt0.c9.1 | 102.11.0-alt0.c9.1 | ALT-PU-2021-1886-1 | 272274 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1691153 |
|
https://www.mozilla.org/security/advisories/mfsa2021-15/ |
|
https://www.mozilla.org/security/advisories/mfsa2021-16/ |
|
https://www.mozilla.org/security/advisories/mfsa2021-14/ |
|