If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23999
Acknowledgments: Name: the Mozilla project Upstream: Nika Layzell
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1353 https://access.redhat.com/errata/RHSA-2021:1353
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:1351 https://access.redhat.com/errata/RHSA-2021:1351
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:1352 https://access.redhat.com/errata/RHSA-2021:1352
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:1350 https://access.redhat.com/errata/RHSA-2021:1350
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-23999
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:1362 https://access.redhat.com/errata/RHSA-2021:1362
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1360 https://access.redhat.com/errata/RHSA-2021:1360
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:1361 https://access.redhat.com/errata/RHSA-2021:1361
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:1363 https://access.redhat.com/errata/RHSA-2021:1363