Description
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
The Mozilla Foundation Security Advisory describes this flaw as:
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser.
Report
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | firefox | Out of support scope | | |
Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | | |
Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2023:0296 | 23.01.2023 |
Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2023:0456 | 25.01.2023 |
Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2023:0288 | 23.01.2023 |
Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2023:0463 | 25.01.2023 |
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | firefox | Fixed | RHSA-2023:0290 | 23.01.2023 |
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2023:0457 | 25.01.2023 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | firefox | Fixed | RHSA-2023:0294 | 23.01.2023 |
Red Hat Enterprise Linux 8.2 Advanced Update Support | thunderbird | Fixed | RHSA-2023:0459 | 25.01.2023 |
Additional information
Status:
EPSS
6.5 Medium
CVSS3
Related vulnerabilities
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
Regular expressions used to filter out forbidden properties and values ...
A vulnerability in the Firefox and Firefox ESR web browsers and the Thunderbird mail client, related to insufficient handling of regular expressions, that allows an attacker to gain access to confidential data