Bug 1881664 (CVE-2020-15677)
| Summary: | CVE-2020-15677 Mozilla: Download origin spoofing via redirect | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | msiddiqu |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | cschalle, gecko-bugs-nobody, jhorak, stransky |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 78.3, thunderbird 78.3 | Doc Type: | If docs needed, set a value |
| Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-09-24 14:41:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1873379, 1879267, 1879268, 1879269, 1879270, 1879271, 1879272, 1881389, 1881390, 1881391, 1881392, 1881393, 1881394 | ||
| Bug Blocks: | 1879265 | ||
|
Description
msiddiqu
2020-09-22 20:38:33 UTC
Acknowledgments: Name: the Mozilla project Upstream: Richard Thomas and Tom Chothia (University of Birmingham) This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3834 https://access.redhat.com/errata/RHSA-2020:3834 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3833 https://access.redhat.com/errata/RHSA-2020:3833 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3832 https://access.redhat.com/errata/RHSA-2020:3832 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:3835 https://access.redhat.com/errata/RHSA-2020:3835 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15677 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4080 https://access.redhat.com/errata/RHSA-2020:4080 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:4156 https://access.redhat.com/errata/RHSA-2020:4156 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4157 https://access.redhat.com/errata/RHSA-2020:4157 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4155 https://access.redhat.com/errata/RHSA-2020:4155 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:4158 https://access.redhat.com/errata/RHSA-2020:4158 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4163 https://access.redhat.com/errata/RHSA-2020:4163 |