Описание
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| firefox | fixed | 88.0-1 | package | |
| firefox-esr | fixed | 78.10.0esr-1 | package | |
| thunderbird | fixed | 1:78.10.0-1 | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2021-14/#CVE-2021-23998
https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/#CVE-2021-23998
https://www.mozilla.org/en-US/security/advisories/mfsa2021-16/#CVE-2021-23998
EPSS
Связанные уязвимости
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.
Уязвимость почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, связанная с ошибками при сохранении разрешений, позволяющая нарушителю ошибочно присвоить сертификат безопасности HTTP-странице
EPSS