Bug 2030109 (CVE-2021-43538)
Summary: | CVE-2021-43538 Mozilla: Missing fullscreen and pointer lock notification when requesting both | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Doran Moppert <dmoppert> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | erack, jhorak, nobody, stransky, tpopela |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | firefox 91.4.0, thunderbird 91.4.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as:
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks.
|
Last Closed: | 2021-12-08 11:05:29 UTC | Type: | --- |
Bug Depends On: | 2029262, 2029263, 2029264, 2029265, 2029266, 2029267, 2029268, 2029274, 2029735, 2029736, 2029737, 2029738, 2029739, 2029740 | ||
Bug Blocks: | 2029260 |
Description
Doran Moppert
2021-12-08 02:35:39 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Via RHSA-2021:5017 https://access.redhat.com/errata/RHSA-2021:5017

This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2021:5013 https://access.redhat.com/errata/RHSA-2021:5013

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support. Via RHSA-2021:5015 https://access.redhat.com/errata/RHSA-2021:5015

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support. Via RHSA-2021:5016 https://access.redhat.com/errata/RHSA-2021:5016

This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2021:5014 https://access.redhat.com/errata/RHSA-2021:5014

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-43538

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support. Via RHSA-2021:5047 https://access.redhat.com/errata/RHSA-2021:5047

This issue has been addressed in the following products: Red Hat Enterprise Linux 8. Via RHSA-2021:5045 https://access.redhat.com/errata/RHSA-2021:5045

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support. Via RHSA-2021:5048 https://access.redhat.com/errata/RHSA-2021:5048

This issue has been addressed in the following products: Red Hat Enterprise Linux 7. Via RHSA-2021:5046 https://access.redhat.com/errata/RHSA-2021:5046

This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Via RHSA-2021:5055 https://access.redhat.com/errata/RHSA-2021:5055