Bug 2102167 (CVE-2022-34478)
| Summary: | CVE-2022-34478 Mozilla: Microsoft protocols can be attacked if a user accepts a prompt | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | erack, jhorak, nobody, stransky, tpopela |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | firefox 91.11, thunderbird 91.11, thunderbird 102 | Doc Type: | --- |
| Doc Text: |
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of the `ms-msdt`, `search`, and `search-ms` protocols delivering content to Microsoft applications and bypassing the browser when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Firefox), so in this release, Firefox has blocked these protocols from prompting the user to open them.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-06-29 12:35:07 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2098598 | ||
|
Description
Mauro Matteo Cascella
2022-06-29 12:20:33 UTC
|