Vulnerability Details : CVE-2021-23999
Potential exploit
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Products affected by CVE-2021-23999
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-23999
- Probability of exploitation activity in the next 30 days: 0.09%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 27 %
CVSS scores for CVE-2021-23999
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2021-23999
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
- The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-23999
- https://www.mozilla.org/security/advisories/mfsa2021-15/
  Security Vulnerabilities fixed in Firefox ESR 78.10 — Mozilla (Release Notes; Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1691153
  (Exploit; Issue Tracking; Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2021-14/
  Security Vulnerabilities fixed in Thunderbird 78.10 — Mozilla (Release Notes; Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2021-16/
  Security Vulnerabilities fixed in Firefox 88 — Mozilla (Release Notes; Vendor Advisory)