Описание
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser and persisted between containers and normal/private browsing mode but not profiles.
Отчет
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | rhel10/firefox-flatpak | Affected | ||
| Red Hat Enterprise Linux 10 | rhel10/thunderbird-flatpak | Affected | ||
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 7 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 10 | firefox | Fixed | RHSA-2025:10073 | 01.07.2025 |
| Red Hat Enterprise Linux 10 | thunderbird | Fixed | RHSA-2025:10195 | 02.07.2025 |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | firefox | Fixed | RHSA-2025:10181 | 02.07.2025 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2025:10074 | 01.07.2025 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2025:10246 | 02.07.2025 |
Показывать по
Дополнительная информация
Статус:
6.1 Medium
CVSS3
Связанные уязвимости
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
An attacker who enumerated resources from the WebCompat extension coul ...
An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.
Уязвимость расширения WebCompat браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю раскрыть защищаемую информацию
6.1 Medium
CVSS3