Описание
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified, and Firefox would not have noticed.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 9 | firefox | Not affected | ||
| Red Hat Enterprise Linux 9 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2022:0824 | 10.03.2022 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2022:0850 | 14.03.2022 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2022:0818 | 10.03.2022 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2022:0845 | 14.03.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | firefox | Fixed | RHSA-2022:0815 | 10.03.2022 |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2022:0847 | 14.03.2022 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
When installing an add-on, Firefox verified the signature before promp ...
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
Уязвимость браузера Mozilla Firefox, связанная с состоянием гонки при проверке подписей, позволяющая нарушителю выполнить спуфинговую атаку
7.5 High
CVSS3