8.8

CVE-2021-23999

Exploit

EPSS 0.21%
Published 24.06.2021 14:15:09
Last modified 21.11.2024 05:52:10
Source security@mozilla.org
Teams watchlist Login
Open Login

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Affected products Warnungen 0 Metrics 3 CWE 2 References 7

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 88.0

Mozilla ≫ Firefox ESR Version < 78.10

Mozilla ≫ Thunderbird Version < 78.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.438

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

https://www.mozilla.org/security/advisories/mfsa2021-14/

Vendor Advisory

Release Notes

https://www.mozilla.org/security/advisories/mfsa2021-15/

Vendor Advisory

Release Notes

https://www.mozilla.org/security/advisories/mfsa2021-16/

Vendor Advisory

Release Notes

https://bugzilla.mozilla.org/show_bug.cgi?id=1691153

Vendor Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-23999

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-23999

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-23999

EUVD