8.8

CVE-2021-23999

Exploit

EPSS 0.21%
Veröffentlicht 24.06.2021 14:15:09
Zuletzt bearbeitet 21.11.2024 05:52:10
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 88.0

Mozilla ≫ Firefox ESR Version < 78.10

Mozilla ≫ Thunderbird Version < 78.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.438

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

https://www.mozilla.org/security/advisories/mfsa2021-14/

Vendor Advisory

Release Notes

https://www.mozilla.org/security/advisories/mfsa2021-15/

Vendor Advisory

Release Notes

https://www.mozilla.org/security/advisories/mfsa2021-16/

Vendor Advisory

Release Notes

https://bugzilla.mozilla.org/show_bug.cgi?id=1691153

Vendor Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-23999

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-23999

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-23999

EUVD