Bug 2162339 (CVE-2023-23599)

Summary: CVE-2023-23599 Mozilla: Malicious command could be hidden in devtools output
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 102.7, thunderbird 102.7 Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-01-29 05:22:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2158855, 2158856, 2158857, 2158858, 2158859, 2158860, 2158861, 2158862, 2158863, 2158864, 2158865, 2158866, 2158867, 2158868, 2158872, 2158873, 2158874, 2158875, 2158876, 2158877, 2158878, 2158879, 2158880, 2158881, 2158883    
Bug Blocks: 2158844    

Description Dhananjay Arunesh 2023-01-19 11:35:27 UTC 
When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23599
Comment 1 errata-xmlrpc 2023-01-23 09:18:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0285 https://access.redhat.com/errata/RHSA-2023:0285
Comment 2 errata-xmlrpc 2023-01-23 09:18:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0286 https://access.redhat.com/errata/RHSA-2023:0286
Comment 3 errata-xmlrpc 2023-01-23 09:19:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0288 https://access.redhat.com/errata/RHSA-2023:0288
Comment 4 errata-xmlrpc 2023-01-23 09:20:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0290 https://access.redhat.com/errata/RHSA-2023:0290
Comment 5 errata-xmlrpc 2023-01-23 09:20:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0289 https://access.redhat.com/errata/RHSA-2023:0289
Comment 6 errata-xmlrpc 2023-01-23 09:21:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0294 https://access.redhat.com/errata/RHSA-2023:0294
Comment 7 errata-xmlrpc 2023-01-23 09:22:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0295 https://access.redhat.com/errata/RHSA-2023:0295
Comment 8 errata-xmlrpc 2023-01-23 09:22:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0296 https://access.redhat.com/errata/RHSA-2023:0296
Comment 9 errata-xmlrpc 2023-01-25 15:15:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0457 https://access.redhat.com/errata/RHSA-2023:0457
Comment 10 errata-xmlrpc 2023-01-25 15:17:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0459 https://access.redhat.com/errata/RHSA-2023:0459
Comment 11 errata-xmlrpc 2023-01-25 15:24:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0461 https://access.redhat.com/errata/RHSA-2023:0461
Comment 12 errata-xmlrpc 2023-01-25 15:25:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0460 https://access.redhat.com/errata/RHSA-2023:0460
Comment 13 errata-xmlrpc 2023-01-25 15:25:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0456 https://access.redhat.com/errata/RHSA-2023:0456
Comment 14 errata-xmlrpc 2023-01-25 15:28:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0462 https://access.redhat.com/errata/RHSA-2023:0462
Comment 15 errata-xmlrpc 2023-01-25 15:29:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0463 https://access.redhat.com/errata/RHSA-2023:0463
Comment 16 errata-xmlrpc 2023-01-26 17:15:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0476 https://access.redhat.com/errata/RHSA-2023:0476
Comment 17 Product Security DevOps Team 2023-01-29 05:22:08 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-23599