Описание
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue:
Firefox caches CORS preflight responses across IP address changes. This allows circumventing CORS with DNS rebinding.
Отчет
Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | firefox | Not affected | ||
| Red Hat Enterprise Linux 10 | rhel10/firefox-flatpak | Not affected | ||
| Red Hat Enterprise Linux 10 | rhel10/thunderbird-flatpak | Not affected | ||
| Red Hat Enterprise Linux 10 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 6 | firefox | Not affected | ||
| Red Hat Enterprise Linux 6 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 7 | firefox | Not affected | ||
| Red Hat Enterprise Linux 7 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 8 | firefox | Not affected | ||
| Red Hat Enterprise Linux 8 | thunderbird | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
Thunderbird cached CORS preflight responses across IP address changes. ...
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с зависимостью критичных действий от обратного DNS-решения, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.1 Medium
CVSS3