Описание
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Отчет
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | firefox | Affected | ||
| Red Hat Enterprise Linux 10 | firefox-flatpak-container | Affected | ||
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 9 | firefox-flatpak-container | Affected | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | firefox | Fixed | RHSA-2025:2699 | 13.03.2025 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2025:2452 | 06.03.2025 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | firefox | Fixed | RHSA-2025:2708 | 13.03.2025 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | firefox | Fixed | RHSA-2025:2484 | 10.03.2025 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | firefox | Fixed | RHSA-2025:2484 | 10.03.2025 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | firefox | Fixed | RHSA-2025:2484 | 10.03.2025 |
Показывать по
Дополнительная информация
Статус:
5.4 Medium
CVSS3
Связанные уязвимости
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
jar: URLs retrieve local file content packaged in a ZIP archive. The n ...
jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8.
Уязвимость компонента RegExp браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю выполнить произвольный код
5.4 Medium
CVSS3