Описание
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| firefox | fixed | 101.0-1 | package | |
| firefox-esr | fixed | 91.11.0esr-1 | package | |
| thunderbird | fixed | 1:91.11.0-1 | package |
Примечания
https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31744
https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-31744
https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-31744
Связанные уязвимости
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page's Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
Уязвимость почтового клиента Thunderbird, браузера Firefox ESR, связанная с ошибкой при обработке таблиц стилей CSS, доступных через внутренние URI, как «ресурс:», позволяющая нарушителю обойти реализованную политику безопасности содержимого