Описание
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 105.0+build2-0ubuntu0.18.04.1 |
| devel | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | released | 105.0+build2-0ubuntu0.20.04.1 |
| jammy | not-affected | code not present |
| kinetic | not-affected | code not present |
| lunar | not-affected | code not present |
| trusty | ignored | end of standard support |
| upstream | released | 105 |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:102.4.2+build2-0ubuntu0.18.04.1 |
| devel | not-affected | 1:102.3.0+build1-0ubuntu1 |
| esm-infra/focal | DNE | |
| focal | released | 1:102.4.2+build2-0ubuntu0.20.04.1 |
| jammy | released | 1:102.4.2+build2-0ubuntu0.22.04.1 |
| kinetic | not-affected | 1:102.3.0+build1-0ubuntu1 |
| lunar | not-affected | 1:102.3.0+build1-0ubuntu1 |
| trusty | ignored | end of standard support |
| upstream | released | 102.3 |
| xenial | ignored | end of standard support |
Показывать по
Ссылки на источники
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
When injecting an HTML base element, some requests would ignore the CS ...
When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
Уязвимость реализации конфигурации CSP: base-uri браузеров Firefox, Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю обойти ограничения безопасности
EPSS
6.1 Medium
CVSS3