Описание
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
The Mozilla Foundation Security Advisory describes this flaw as:
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).
Отчет
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2024:0957 | 26.02.2024 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2024:0976 | 26.02.2024 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2024:0955 | 26.02.2024 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2024:0964 | 26.02.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | thunderbird | Fixed | RHSA-2024:0958 | 26.02.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | firefox | Fixed | RHSA-2024:0972 | 26.02.2024 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | thunderbird | Fixed | RHSA-2024:0958 | 26.02.2024 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | firefox | Fixed | RHSA-2024:0972 | 26.02.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
Through a series of API calls and redirects, an attacker-controlled al ...
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123 and Firefox ESR < 115.8.
Уязвимость реализации прикладного программного интерфейса браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю отобразить alertdialog на другом веб-сайте
EPSS
7.5 High
CVSS3