Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-15654

Опубликовано: 28 июл. 2020
Источник: redhat
CVSS3: 6.5

Описание

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdOut of support scope
Red Hat Enterprise Linux 6firefoxWill not fix
Red Hat Enterprise Linux 6thunderbirdWill not fix
Red Hat Enterprise Linux 7thunderbirdWill not fix
Red Hat Enterprise Linux 8thunderbirdWill not fix
Red Hat Enterprise Linux 7firefoxFixedRHSA-2020:408030.09.2020
Red Hat Enterprise Linux 8firefoxFixedRHSA-2020:355726.08.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP SolutionsfirefoxFixedRHSA-2020:355526.08.2020
Red Hat Enterprise Linux 8.1 Extended Update SupportfirefoxFixedRHSA-2020:355926.08.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-451
https://bugzilla.redhat.com/show_bug.cgi?id=1861649Mozilla: Custom cursor can overlay user interface

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-15654

CVSS3: 6.5
ubuntu
около 5 лет назад

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

nvd логотип

CVE-2020-15654

CVSS3: 6.5
nvd
около 5 лет назад

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

debian логотип

CVE-2020-15654

CVSS3: 6.5
debian
около 5 лет назад

When in an endless loop, a website specifying a custom cursor using CS ...

github логотип

GHSA-8j7j-8w2r-72pq

CVSS3: 6.5
github
больше 3 лет назад

When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

suse-cvrf логотип

openSUSE-SU-2020:1189-1

suse-cvrf
около 5 лет назад

Security update for MozillaFirefox

6.5 Medium

CVSS3