Through use of `reportValidity()` and `window.open()`, a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3756 https://access.redhat.com/errata/RHSA-2021:3756
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3757 https://access.redhat.com/errata/RHSA-2021:3757
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3755 https://access.redhat.com/errata/RHSA-2021:3755
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-38497
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3791 https://access.redhat.com/errata/RHSA-2021:3791
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3840 https://access.redhat.com/errata/RHSA-2021:3840
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3839 https://access.redhat.com/errata/RHSA-2021:3839
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:3838 https://access.redhat.com/errata/RHSA-2021:3838
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3841 https://access.redhat.com/errata/RHSA-2021:3841