CVE-2021-23999 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Sandbox escape
Description	A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1836	thunderbird	78.9.1-3	78.10.0-1	High	Fixed
AVG-1834	firefox	87.0-2	88.0-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
29 Apr 2021	ASA-202104-4	AVG-1836	thunderbird	High	multiple issues
29 Apr 2021	ASA-202104-3	AVG-1834	firefox	High	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999 https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23999 https://bugzilla.mozilla.org/show_bug.cgi?id=1691153

References

https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999
https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23999
https://bugzilla.mozilla.org/show_bug.cgi?id=1691153