Description
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird < 139.
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Previewing a response in Devtools ignores CSP headers, which could allow content injection attacks.
Report
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | firefox | Not affected | | |
Red Hat Enterprise Linux 10 | rhel10/firefox-flatpak | Not affected | | |
Red Hat Enterprise Linux 6 | firefox | Out of support scope | | |
Red Hat Enterprise Linux 7 | firefox | Not affected | | |
Red Hat Enterprise Linux 8 | firefox | Not affected | | |
Red Hat Enterprise Linux 9 | firefox | Not affected | | |
Additional information
Status:
EPSS
3.4 Low
CVSS3
Related vulnerabilities
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird < 139.
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird < 139.
Previewing a response in Devtools ignored CSP headers, which could hav ...
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139.
A vulnerability in the response preview function of the DevTools web development toolset of the Mozilla Firefox browser and the Thunderbird mail client that allows an attacker to bypass the CSP (Content Security Policy) protection mechanism