Bug 2170382 (CVE-2023-25729)

Summary: CVE-2023-25729 Mozilla: Extensions could have opened external schemes without user knowledge
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 102.8, thunderbird 102.8 Doc Type: If docs needed, set a value
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Permission prompts for opening external schemes were only shown for `ContentPrincipals` resulting in extensions being able to open them without user interaction via `ExpandedPrincipals`. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-02-20 18:31:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2167578, 2167579, 2167580, 2167581, 2167582, 2167583, 2167584, 2167585, 2167586, 2167587, 2167588, 2167672, 2167673, 2167674, 2167675, 2167676, 2167677, 2167678, 2167679, 2167680, 2167681, 2167682    
Bug Blocks: 2167576    

Description Dhananjay Arunesh 2023-02-16 09:09:44 UTC 
Permission prompts for opening external schemes were only shown for `ContentPrincipals` resulting in extensions being able to open them without user interaction via `ExpandedPrincipals`. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25729
Comment 1 errata-xmlrpc 2023-02-20 08:16:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0806 https://access.redhat.com/errata/RHSA-2023:0806
Comment 2 errata-xmlrpc 2023-02-20 08:18:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0805 https://access.redhat.com/errata/RHSA-2023:0805
Comment 3 errata-xmlrpc 2023-02-20 08:23:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0809 https://access.redhat.com/errata/RHSA-2023:0809
Comment 4 errata-xmlrpc 2023-02-20 08:25:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0810 https://access.redhat.com/errata/RHSA-2023:0810
Comment 5 errata-xmlrpc 2023-02-20 08:25:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0807 https://access.redhat.com/errata/RHSA-2023:0807
Comment 6 errata-xmlrpc 2023-02-20 08:26:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0811 https://access.redhat.com/errata/RHSA-2023:0811
Comment 7 errata-xmlrpc 2023-02-20 08:27:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0808 https://access.redhat.com/errata/RHSA-2023:0808
Comment 8 errata-xmlrpc 2023-02-20 08:27:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0812 https://access.redhat.com/errata/RHSA-2023:0812
Comment 9 errata-xmlrpc 2023-02-20 12:12:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:0818 https://access.redhat.com/errata/RHSA-2023:0818
Comment 10 errata-xmlrpc 2023-02-20 12:12:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:0819 https://access.redhat.com/errata/RHSA-2023:0819
Comment 11 errata-xmlrpc 2023-02-20 12:16:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:0822 https://access.redhat.com/errata/RHSA-2023:0822
Comment 12 errata-xmlrpc 2023-02-20 12:17:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:0817 https://access.redhat.com/errata/RHSA-2023:0817
Comment 13 errata-xmlrpc 2023-02-20 12:17:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:0824 https://access.redhat.com/errata/RHSA-2023:0824
Comment 14 errata-xmlrpc 2023-02-20 12:17:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:0820 https://access.redhat.com/errata/RHSA-2023:0820
Comment 15 errata-xmlrpc 2023-02-20 12:17:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:0821 https://access.redhat.com/errata/RHSA-2023:0821
Comment 16 errata-xmlrpc 2023-02-20 12:18:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:0823 https://access.redhat.com/errata/RHSA-2023:0823
Comment 17 Product Security DevOps Team 2023-02-20 18:31:48 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-25729