Описание
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | firefox | Not affected | ||
| Red Hat Enterprise Linux 5 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 6 | firefox | Will not fix | ||
| Red Hat Enterprise Linux 6 | thunderbird | Will not fix | ||
| Red Hat Enterprise Linux 7 | thunderbird | Will not fix | ||
| Red Hat Enterprise Linux 8 | thunderbird | Will not fix | ||
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2020:4080 | 30.09.2020 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2020:3557 | 26.08.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | firefox | Fixed | RHSA-2020:3555 | 26.08.2020 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | firefox | Fixed | RHSA-2020:3559 | 26.08.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
An iframe sandbox element with the allow-popups flag could be bypassed ...
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неправильными настройками прав доступа по умолчанию, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
6.1 Medium
CVSS3