Описание
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 6 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 7 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 5 | firefox | Fixed | RHSA-2017:0190 | 25.01.2017 |
| Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2017:0190 | 25.01.2017 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2017:0190 | 25.01.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.3 High
CVSS3
5.1 Medium
CVSS2
Связанные уязвимости
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
WebExtension scripts can use the "data:" protocol to affect pages load ...
WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51.
EPSS
7.3 High
CVSS3
5.1 Medium
CVSS2