Bug 2123255 (CVE-2022-3032)
Summary: | CVE-2022-3032 Mozilla: Remote content specified in an HTML document that was nested inside an iframe's srcdoc attribute was not blocked | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Mauro Matteo Cascella <mcascell> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | erack, jhorak, nobody, stransky, tpopela |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | thunderbird 91.13.1, thunderbird 102.2.1 | Doc Type: | --- |
Doc Text: |
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when receiving an HTML email that contained an `iframe` element, which used a `srcdoc` attribute to define the internal HTML document, remote objects specified in the nested document (for example, images or videos), were not blocked. Rather, the network was accessed, and the objects were loaded and displayed.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-28 06:15:08 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2123264, 2123265, 2123266, 2123267, 2123268, 2123269, 2123270, 2123271, 2123272 | ||
Bug Blocks: | 2123245 |
Description
Mauro Matteo Cascella
2022-09-01 09:09:10 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:6713 https://access.redhat.com/errata/RHSA-2022:6713 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:6710 https://access.redhat.com/errata/RHSA-2022:6710 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6708 https://access.redhat.com/errata/RHSA-2022:6708 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:6716 https://access.redhat.com/errata/RHSA-2022:6716 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:6715 https://access.redhat.com/errata/RHSA-2022:6715 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6717 https://access.redhat.com/errata/RHSA-2022:6717 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-3032 |