Bug 2196738 (CVE-2023-32207)

Summary: CVE-2023-32207 Mozilla: Potential permissions request bypass via clickjacking
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abobrov, elima, erack, jhorak, nobody, stransky, tpopela
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: firefox 102.11, thunderbird 102.11 Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-18 12:33:15 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2192787, 2192788, 2192789, 2192790, 2192791, 2192792, 2192793, 2192794, 2192795, 2192796, 2192797, 2192798, 2192801, 2192802, 2192803, 2192804, 2192805, 2192806, 2192807, 2192808, 2192809, 2192810, 2192811, 2192812    
Bug Blocks: 2192785    

Description Dhananjay Arunesh 2023-05-10 06:11:30 UTC 
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32207
Comment 1 errata-xmlrpc 2023-05-16 18:39:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3138 https://access.redhat.com/errata/RHSA-2023:3138
Comment 2 errata-xmlrpc 2023-05-16 18:39:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3139 https://access.redhat.com/errata/RHSA-2023:3139
Comment 3 errata-xmlrpc 2023-05-16 18:47:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3137 https://access.redhat.com/errata/RHSA-2023:3137
Comment 4 errata-xmlrpc 2023-05-16 18:52:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3142 https://access.redhat.com/errata/RHSA-2023:3142
Comment 5 errata-xmlrpc 2023-05-16 18:52:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:3140 https://access.redhat.com/errata/RHSA-2023:3140
Comment 6 errata-xmlrpc 2023-05-16 19:01:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3141 https://access.redhat.com/errata/RHSA-2023:3141
Comment 7 errata-xmlrpc 2023-05-16 19:03:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3143 https://access.redhat.com/errata/RHSA-2023:3143
Comment 8 errata-xmlrpc 2023-05-16 19:38:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:3150 https://access.redhat.com/errata/RHSA-2023:3150
Comment 9 errata-xmlrpc 2023-05-16 19:39:18 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:3149 https://access.redhat.com/errata/RHSA-2023:3149
Comment 10 errata-xmlrpc 2023-05-16 19:40:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:3152 https://access.redhat.com/errata/RHSA-2023:3152
Comment 11 errata-xmlrpc 2023-05-16 19:40:51 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:3153 https://access.redhat.com/errata/RHSA-2023:3153
Comment 12 errata-xmlrpc 2023-05-16 19:41:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2023:3154 https://access.redhat.com/errata/RHSA-2023:3154
Comment 13 errata-xmlrpc 2023-05-16 19:42:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:3151 https://access.redhat.com/errata/RHSA-2023:3151
Comment 14 errata-xmlrpc 2023-05-16 19:43:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:3155 https://access.redhat.com/errata/RHSA-2023:3155
Comment 17 errata-xmlrpc 2023-05-18 06:36:10 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3221 https://access.redhat.com/errata/RHSA-2023:3221
Comment 18 errata-xmlrpc 2023-05-18 06:36:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3220 https://access.redhat.com/errata/RHSA-2023:3220
Comment 19 Product Security DevOps Team 2023-05-18 12:33:13 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2023-32207