CVE-2021-23973

Опубликовано: 23 фев. 2021

Источник: redhat

CVSS3: 6.5

Описание

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	firefox	Out of support scope
Red Hat Enterprise Linux 6	thunderbird	Out of support scope
Red Hat Enterprise Linux 7	firefox	Fixed	RHSA-2021:0656	24.02.2021
Red Hat Enterprise Linux 7	thunderbird	Fixed	RHSA-2021:0661	24.02.2021
Red Hat Enterprise Linux 8	firefox	Fixed	RHSA-2021:0655	24.02.2021
Red Hat Enterprise Linux 8	thunderbird	Fixed	RHSA-2021:0657	24.02.2021
Red Hat Enterprise Linux 8.1 Extended Update Support	thunderbird	Fixed	RHSA-2021:0658	24.02.2021
Red Hat Enterprise Linux 8.1 Extended Update Support	firefox	Fixed	RHSA-2021:0659	24.02.2021
Red Hat Enterprise Linux 8.2 Extended Update Support	firefox	Fixed	RHSA-2021:0660	24.02.2021
Red Hat Enterprise Linux 8.2 Extended Update Support	thunderbird	Fixed	RHSA-2021:0662	24.02.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-209

https://bugzilla.redhat.com/show_bug.cgi?id=1932111Mozilla: MediaError message property could have leaked information about cross-origin resources

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2021-23973

CVSS3: 6.5

ubuntu

почти 5 лет назад

CVE-2021-23973

CVSS3: 6.5

nvd

почти 5 лет назад

CVE-2021-23973

CVSS3: 6.5

debian

почти 5 лет назад

When trying to load a cross-origin resource in an audio/video context ...

GHSA-jw3c-jgq3-cf92

CVSS3: 6.5

github

больше 3 лет назад

openSUSE-SU-2021:0387-1

suse-cvrf

почти 5 лет назад

Security update for MozillaThunderbird

6.5 Medium

CVSS3