Описание
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-15652
- https://bugzilla.mozilla.org/show_bug.cgi?id=1634872
- https://usn.ubuntu.com/4443-1
- https://www.mozilla.org/security/advisories/mfsa2020-30
- https://www.mozilla.org/security/advisories/mfsa2020-31
- https://www.mozilla.org/security/advisories/mfsa2020-32
- https://www.mozilla.org/security/advisories/mfsa2020-33
- https://www.mozilla.org/security/advisories/mfsa2020-35
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html
Связанные уязвимости
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
By observing the stack trace for JavaScript errors in web workers, it ...
Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с утечкой информации в сообщениях об ошибках, позволяющая нарушителю раскрыть защищаемую информацию