Описание
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6.
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-0237
- https://bugzilla.mozilla.org/show_bug.cgi?id=1915257
- https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html
- https://www.mozilla.org/security/advisories/mfsa2025-01
- https://www.mozilla.org/security/advisories/mfsa2025-02
- https://www.mozilla.org/security/advisories/mfsa2025-04
- https://www.mozilla.org/security/advisories/mfsa2025-05
Связанные уязвимости
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
The WebChannel API, which is used to transport various information acr ...
Уязвимость интерфейса WebChannel API браузеров Mozilla Firefox, Firefox ESR и почтовых клиентов Thunderbird, Thunderbird ESR, позволяющая нарушителю повысить свои привилегии