CVE-2021-23999

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-23999

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23999.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-23999

Downstream

DEBIAN-CVE-2021-23999

DLA-2632-1

DLA-2633-1

DSA-4895-1

DSA-4897-1

OESA-2023-1673

OESA-2023-1674

RHSA-2021:1350

RHSA-2021:1351

RHSA-2021:1352

RHSA-2021:1353

RHSA-2021:1360

RHSA-2021:1361

RHSA-2021:1362

RHSA-2021:1363

SUSE-SU-2021:1307-1

SUSE-SU-2021:1325-1

SUSE-SU-2021:1432-1

SUSE-SU-2021:1433-1

SUSE-SU-2021:14708-1

UBUNTU-CVE-2021-23999

USN-4926-1

USN-4995-1

USN-4995-2

openSUSE-SU-2021:0621-1

openSUSE-SU-2021:0644-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Withdrawn

2026-01-27T04:17:35.825853Z

Published

2021-06-24T14:15:09Z

Modified

2026-01-27T04:17:35.825853Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

References

Affected packages