Bug 1942786 (CVE-2021-23984)
Summary: | CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Doran Moppert <dmoppert> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | erack, jhorak, nobody, stransky, tpopela |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | firefox 78.9, thunderbird 78.9 | Doc Type: | If docs needed, set a value |
Doc Text: |
The Mozilla Foundation Security Advisory describes this issue as:
A malicious extension could have opened a popup window lacking an address bar. The title of the popup lacking an address bar should not be fully controllable, but in this situation was. This could have been used to spoof a website and attempt to trick the user into providing credentials.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-03-25 17:35:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1939796, 1939797, 1939798, 1939799, 1939800, 1939801, 1939805, 1939806, 1939807, 1939808, 1939809, 1939810 | ||
Bug Blocks: | 1939794 |
Description
Doran Moppert
2021-03-25 00:47:48 UTC
Acknowledgments: Name: the Mozilla project Upstream: Rob Wu This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0990 https://access.redhat.com/errata/RHSA-2021:0990 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0991 https://access.redhat.com/errata/RHSA-2021:0991 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0995 https://access.redhat.com/errata/RHSA-2021:0995 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0993 https://access.redhat.com/errata/RHSA-2021:0993 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0989 https://access.redhat.com/errata/RHSA-2021:0989 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0994 https://access.redhat.com/errata/RHSA-2021:0994 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0996 https://access.redhat.com/errata/RHSA-2021:0996 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:0992 https://access.redhat.com/errata/RHSA-2021:0992 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-23984 |