Description
If a user installed an extension of a particular type, the extension could have auto-updated itself and, while doing so, bypassed the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: If a user installed a particular type of extension, the extension could have auto-updated itself, and while doing so may have bypassed the prompt which grants the new version the new requested permissions.
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | firefox | Out of support scope | | |
Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | | |
Red Hat Enterprise Linux 9 | firefox | Not affected | | |
Red Hat Enterprise Linux 9 | thunderbird | Not affected | | |
Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2022:0514 | 14.02.2022 |
Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2022:0538 | 15.02.2022 |
Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2022:0510 | 14.02.2022 |
Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2022:0535 | 15.02.2022 |
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | firefox | Fixed | RHSA-2022:0513 | 14.02.2022 |
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2022:0539 | 15.02.2022 |
Additional information
Status:
EPSS
CVSS3: 7.5 High
Related vulnerabilities
Vulnerability in the extension implementation of the Mozilla Firefox browser that allows an attacker to bypass the imposed security restrictions