Описание
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | code not present |
| esm-infra/focal | DNE | |
| focal | released | 120.0+build2-0ubuntu0.20.04.1 |
| jammy | not-affected | code not present |
| lunar | ignored | end of life, was needs-triage |
| mantic | not-affected | code not present |
| noble | not-affected | code not present |
| trusty | ignored | end of standard support |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | ignored | |
| esm-apps/noble | ignored | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | ignored | |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | ignored | |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | DNE | |
| esm-apps/bionic | ignored | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | DNE | |
| esm-apps/focal | ignored | |
| esm-infra/bionic | ignored | |
| focal | ignored | |
| jammy | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra/focal | ignored | |
| focal | ignored | |
| jammy | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| trusty | DNE | |
| upstream | ignored |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/jammy | ignored | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | ignored | |
| lunar | ignored | end of life, was needs-triage |
| mantic | DNE | |
| noble | DNE | |
| trusty | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | ignored | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| trusty | DNE | |
| upstream | ignored |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | released | 1:115.5.0+build1-0ubuntu1 |
| esm-infra/focal | DNE | |
| focal | released | 1:115.5.0+build1-0ubuntu0.20.04.1 |
| jammy | released | 1:115.5.0+build1-0ubuntu0.22.04.1 |
| lunar | released | 1:115.5.0+build1-0ubuntu0.23.04.1 |
| mantic | released | 1:115.5.0+build1-0ubuntu0.23.10.1 |
| noble | released | 1:115.5.0+build1-0ubuntu1 |
| trusty | ignored | end of standard support |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Relative URLs starting with three slashes were incorrectly parsed, and ...
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неверным ограничением имени пути с символами "/.. /", позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
6.5 Medium
CVSS3