Описание
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
The Mozilla Foundation Security Advisory describes this flaw as:
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 9 | firefox-flatpak-container | Affected | ||
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2024:1486 | 25.03.2024 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2024:1484 | 25.03.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | firefox | Fixed | RHSA-2024:1490 | 25.03.2024 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | firefox | Fixed | RHSA-2024:1490 | 25.03.2024 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | firefox | Fixed | RHSA-2024:1490 | 25.03.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | firefox | Fixed | RHSA-2024:1491 | 25.03.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | firefox | Fixed | RHSA-2024:1491 | 25.03.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | firefox | Fixed | RHSA-2024:1491 | 25.03.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
An attacker was able to inject an event handler into a privileged obje ...
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.
EPSS
8.8 High
CVSS3