Описание
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
The Mozilla Foundation Security Advisory describes this issue as:
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2021:0992 | 25.03.2021 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2021:0996 | 25.03.2021 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2021:0990 | 25.03.2021 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2021:0993 | 25.03.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | firefox | Fixed | RHSA-2021:0991 | 25.03.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | thunderbird | Fixed | RHSA-2021:0995 | 25.03.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | firefox | Fixed | RHSA-2021:0989 | 25.03.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | thunderbird | Fixed | RHSA-2021:0994 | 25.03.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
A malicious extension could have opened a popup window lacking an addr ...
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87.
Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR и почтового клиента Thunderbird, связанная с неверным ограничением визуализируемых слоев или фреймов пользовательского интерфейса, позволяющая нарушителю проводить спуфинг-атаки
EPSS
6.1 Medium
CVSS3