Описание
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
The Mozilla Foundation Security Advisory describes this flaw as:
When a HTTPS page was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2021:0290 | 28.01.2021 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2021:0297 | 28.01.2021 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2021:0288 | 27.01.2021 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2021:0298 | 28.01.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | firefox | Fixed | RHSA-2021:0285 | 27.01.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | thunderbird | Fixed | RHSA-2021:0397 | 03.02.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | firefox | Fixed | RHSA-2021:0289 | 27.01.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | thunderbird | Fixed | RHSA-2021:0299 | 28.01.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
When a HTTPS pages was embedded in a HTTP page, and there was a servic ...
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
EPSS
6.1 Medium
CVSS3