CVE-2021-23999 - log back

CVE-2021-23999 edited at 19 Apr 2021 14:23:38
Description
- A security issue has been found in Firefox before version 88. If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.
+ A security issue has been found in Firefox before version 88 and Thunderbird before version 78.10. If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999
+ https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23999
https://bugzilla.mozilla.org/show_bug.cgi?id=1691153
Notes
CVE-2021-23999 edited at 19 Apr 2021 13:35:41
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Sandbox escape
Description
+ A security issue has been found in Firefox before version 88. If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23999
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1691153
CVE-2021-23999 created at 19 Apr 2021 13:29:45