Bug 2081469 (CVE-2022-29909) - CVE-2022-29909 Mozilla: Bypassing permission prompt in nested browsing contexts
Summary: CVE-2022-29909 Mozilla: Bypassing permission prompt in nested browsing contexts
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-29909
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: Red Hat2078959 Red Hat2078960 Red Hat2078961 Red Hat2078962 Red Hat2078963 Red Hat2078964 Red Hat2078965 Red Hat2078966 Red Hat2078967 Red Hat2078987 Red Hat2079747 Red Hat2079748 Red Hat2079749 Red Hat2079750 Red Hat2079751 Red Hat2079752 Red Hat2079753 Red Hat2079754 Red Hat2079755
Blocks: Embargoed2078957
TreeView+ depends on / blocked
 
Reported: 2022-05-03 20:21 UTC by Mauro Matteo Cascella
Modified: 2023-01-10 11:17 UTC (History)
5 users (show)

Fixed In Version: firefox 91.9, thunderbird 91.9
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions.
Clone Of:
Environment:
Last Closed: 2022-05-18 04:16:01 UTC

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:1701 0 None None None 2022-05-04 11:16:35 UTC
Red Hat Product Errata RHSA-2022:1702 0 None None None 2022-05-04 11:49:51 UTC
Red Hat Product Errata RHSA-2022:1703 0 None None None 2022-05-04 11:59:11 UTC
Red Hat Product Errata RHSA-2022:1704 0 None None None 2022-05-04 11:21:29 UTC
Red Hat Product Errata RHSA-2022:1705 0 None None None 2022-05-04 11:24:18 UTC
Red Hat Product Errata RHSA-2022:1724 0 None None None 2022-05-05 13:32:08 UTC
Red Hat Product Errata RHSA-2022:1725 0 None None None 2022-05-05 14:32:00 UTC
Red Hat Product Errata RHSA-2022:1726 0 None None None 2022-05-05 13:59:32 UTC
Red Hat Product Errata RHSA-2022:1727 0 None None None 2022-05-05 13:48:00 UTC
Red Hat Product Errata RHSA-2022:1730 0 None None None 2022-05-05 14:02:39 UTC
Red Hat Product Errata RHSA-2022:4589 0 None None None 2022-05-18 01:27:20 UTC
Red Hat Product Errata RHSA-2022:4590 0 None None None 2022-05-18 01:26:43 UTC

Description Mauro Matteo Cascella 2022-05-03 20:21:41 UTC 
Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29909
Comment 1 errata-xmlrpc 2022-05-04 11:16:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1701 https://access.redhat.com/errata/RHSA-2022:1701
Comment 2 errata-xmlrpc 2022-05-04 11:21:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1704 https://access.redhat.com/errata/RHSA-2022:1704
Comment 3 errata-xmlrpc 2022-05-04 11:24:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1705 https://access.redhat.com/errata/RHSA-2022:1705
Comment 4 errata-xmlrpc 2022-05-04 11:49:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1702 https://access.redhat.com/errata/RHSA-2022:1702
Comment 5 errata-xmlrpc 2022-05-04 11:59:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1703 https://access.redhat.com/errata/RHSA-2022:1703
Comment 6 errata-xmlrpc 2022-05-05 13:32:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1724 https://access.redhat.com/errata/RHSA-2022:1724
Comment 7 errata-xmlrpc 2022-05-05 13:47:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1727 https://access.redhat.com/errata/RHSA-2022:1727
Comment 8 errata-xmlrpc 2022-05-05 13:59:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1726 https://access.redhat.com/errata/RHSA-2022:1726
Comment 9 errata-xmlrpc 2022-05-05 14:02:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1730 https://access.redhat.com/errata/RHSA-2022:1730
Comment 10 errata-xmlrpc 2022-05-05 14:31:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1725 https://access.redhat.com/errata/RHSA-2022:1725
Comment 11 errata-xmlrpc 2022-05-18 01:26:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4590 https://access.redhat.com/errata/RHSA-2022:4590
Comment 12 errata-xmlrpc 2022-05-18 01:27:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:4589 https://access.redhat.com/errata/RHSA-2022:4589
Comment 13 Product Security DevOps Team 2022-05-18 04:15:58 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-29909
Note You need to log in before you can comment on or make changes to this bug.