Описание
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
The Mozilla Foundation Security Advisory describes this flaw as:
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites.
Отчет
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2024:1910 | 18.04.2024 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2024:1935 | 22.04.2024 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2024:1912 | 18.04.2024 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2024:1939 | 22.04.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | firefox | Fixed | RHSA-2024:1904 | 18.04.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | thunderbird | Fixed | RHSA-2024:1934 | 22.04.2024 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | firefox | Fixed | RHSA-2024:1904 | 18.04.2024 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | thunderbird | Fixed | RHSA-2024:1934 | 22.04.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10.
The permission prompt input delay could expire while the window is not ...
The permission prompt input delay could have expired while the window is not in focus, which made the prompt vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124.
Уязвимость браузера Mozilla Firefox, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю провести атаку типа clickjacking («захват клика»)
EPSS
6.1 Medium
CVSS3