CVE-2021-23999
First published: Mon Apr 19 2021(Updated: )
If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/firefox | 118.0.2-1 | |
| debian/firefox-esr | 91.12.0esr-1~deb10u1 115.3.1esr-1~deb10u1 102.15.0esr-1~deb11u1 115.3.1esr-1~deb11u1 102.15.1esr-1~deb12u1 115.3.0esr-1~deb12u1 115.3.0esr-1 | |
| debian/thunderbird | 1:91.12.0-1~deb10u1 1:115.3.1-1~deb10u1 1:102.13.1-1~deb11u1 1:115.3.1-1~deb11u1 1:102.15.1-1~deb12u1 1:115.3.1-1~deb12u1 1:115.3.1-1 | |
| Thunderbird | <78.10 | 78.10 |
| Firefox | <88.0 | |
| Firefox ESR | <78.10 | |
| Thunderbird | <78.10 | |
| Firefox | <88 | 88 |
| Firefox ESR | <78.10 | 78.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1691153
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/
- https://www.mozilla.org/security/advisories/mfsa2021-14/
- https://www.mozilla.org/security/advisories/mfsa2021-15/
- https://www.mozilla.org/security/advisories/mfsa2021-16/
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23999
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23999
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999
- https://security-tracker.debian.org/tracker/CVE-2021-23999
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2021-23999?
CVE-2021-23999 is classified as a moderate severity vulnerability.
How do I fix CVE-2021-23999?
To remediate CVE-2021-23999, users should upgrade to Mozilla Thunderbird version 78.10 or newer, or Firefox version 88 or newer.
What products are affected by CVE-2021-23999?
CVE-2021-23999 affects Mozilla Thunderbird versions prior to 78.10 and Mozilla Firefox ESR versions prior to 78.10.
What type of vulnerability is CVE-2021-23999?
CVE-2021-23999 involves improper handling of Blob URLs, which could lead to privilege escalation.
Is there a known exploit for CVE-2021-23999?
There are no publicly known exploits for CVE-2021-23999, but it poses a risk due to its potential impact on user privacy and security.
- collector/security-tracker-debian
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- package-manager/debian
- vendor/mozilla
- canonical/thunderbird
- canonical/firefox
- canonical/firefox esr