Bug 1872531 (CVE-2020-15664)

Summary: CVE-2020-15664 Mozilla: Attacker-induced prompt for extension installation
Product: [Other] Security Response Reporter: Doran Moppert <dmoppert>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: cschalle, gecko-bugs-nobody, jhorak, stransky
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 68.12, firefox 78.2, firefox 80, thunderbird 68.12, thunderbird 78.2 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-08-26 13:17:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1870413, 1870414, 1870415, 1870416, 1870417, 1870418, 1870419, 1873365, 1873366, 1873367, 1873368, 1873369, 1873370, 1873371    
Bug Blocks: 1870411    

Description Doran Moppert 2020-08-26 02:43:36 UTC 
By holding a reference to the `eval()` function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664
Comment 1 Doran Moppert 2020-08-26 02:43:40 UTC 
Acknowledgments:

Name: the Mozilla project
Upstream: Kaizer Soze
Comment 2 errata-xmlrpc 2020-08-26 08:29:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:3558 https://access.redhat.com/errata/RHSA-2020:3558
Comment 3 errata-xmlrpc 2020-08-26 08:31:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:3555 https://access.redhat.com/errata/RHSA-2020:3555
Comment 4 errata-xmlrpc 2020-08-26 08:33:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:3556 https://access.redhat.com/errata/RHSA-2020:3556
Comment 5 errata-xmlrpc 2020-08-26 08:46:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:3557 https://access.redhat.com/errata/RHSA-2020:3557
Comment 6 errata-xmlrpc 2020-08-26 10:09:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:3559 https://access.redhat.com/errata/RHSA-2020:3559
Comment 7 Product Security DevOps Team 2020-08-26 13:17:29 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-15664
Comment 13 errata-xmlrpc 2020-09-07 08:13:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:3631 https://access.redhat.com/errata/RHSA-2020:3631
Comment 14 errata-xmlrpc 2020-09-07 08:19:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:3633 https://access.redhat.com/errata/RHSA-2020:3633
Comment 15 errata-xmlrpc 2020-09-07 08:24:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:3632 https://access.redhat.com/errata/RHSA-2020:3632
Comment 16 errata-xmlrpc 2020-09-07 08:28:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:3634 https://access.redhat.com/errata/RHSA-2020:3634
Comment 19 errata-xmlrpc 2020-09-08 08:02:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:3643 https://access.redhat.com/errata/RHSA-2020:3643