Vulnerability allowing the fullscreen notification to be obscured via URLs handled by external programs in Firefox and Thunderbird
Description
A website could obscure the notification about entering fullscreen mode by using a URL scheme handled by an external program (for example, mailto:). This could confuse users and lead to possible spoofing attacks.
Affected software versions
- Firefox < 115
- Firefox ESR < 102.13
- Thunderbird < 102.13
Vulnerability type
- Spoofing
- User deception
CVSS3: 6.5 Medium
Related vulnerabilities
A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
A vulnerability in the fullscreen notification of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client that allows an attacker to carry out spoofing attacks