Bug 2250900 (CVE-2023-6208) - CVE-2023-6208 Mozilla: Using Selection API would copy contents into X11 primary selection.
Summary: CVE-2023-6208 Mozilla: Using Selection API would copy contents into X11 prima...
Keywords:
Status: NEW
Alias: CVE-2023-6208
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2249647
TreeView+ depends on / blocked
 
Reported: 2023-11-21 17:42 UTC by Mauro Matteo Cascella
Modified: 2023-12-01 12:13 UTC (History)
0 users

Fixed In Version: firefox 115.5, thunderbird 115.5
Doc Type: ---
Doc Text:
The Mozilla Foundation Security Advisory describes this flaw as: When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.*
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:7499 0 None None None 2023-11-27 15:44:30 UTC
Red Hat Product Errata RHSA-2023:7500 0 None None None 2023-11-27 15:46:53 UTC
Red Hat Product Errata RHSA-2023:7501 0 None None None 2023-11-27 15:47:03 UTC
Red Hat Product Errata RHSA-2023:7502 0 None None None 2023-11-27 15:44:53 UTC
Red Hat Product Errata RHSA-2023:7503 0 None None None 2023-11-27 15:57:32 UTC
Red Hat Product Errata RHSA-2023:7504 0 None None None 2023-11-27 15:48:27 UTC
Red Hat Product Errata RHSA-2023:7505 0 None None None 2023-11-27 16:10:21 UTC
Red Hat Product Errata RHSA-2023:7506 0 None None None 2023-11-27 16:03:07 UTC
Red Hat Product Errata RHSA-2023:7507 0 None None None 2023-11-27 16:09:13 UTC
Red Hat Product Errata RHSA-2023:7508 0 None None None 2023-11-27 16:10:13 UTC
Red Hat Product Errata RHSA-2023:7509 0 None None None 2023-11-27 16:18:13 UTC
Red Hat Product Errata RHSA-2023:7510 0 None None None 2023-11-27 16:03:18 UTC
Red Hat Product Errata RHSA-2023:7511 0 None None None 2023-11-27 16:10:04 UTC
Red Hat Product Errata RHSA-2023:7512 0 None None None 2023-11-27 16:25:01 UTC
Red Hat Product Errata RHSA-2023:7547 0 None None None 2023-11-28 15:12:08 UTC
Red Hat Product Errata RHSA-2023:7569 0 None None None 2023-11-29 12:49:27 UTC
Red Hat Product Errata RHSA-2023:7570 0 None None None 2023-11-29 12:49:35 UTC
Red Hat Product Errata RHSA-2023:7573 0 None None None 2023-11-29 13:43:02 UTC
Red Hat Product Errata RHSA-2023:7574 0 None None None 2023-11-29 13:43:09 UTC
Red Hat Product Errata RHSA-2023:7577 0 None None None 2023-11-29 13:55:07 UTC

Description Mauro Matteo Cascella 2023-11-21 17:42:27 UTC
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard.

*This bug only affects Firefox on X11. Other systems are unaffected.*

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6208

Comment 27 errata-xmlrpc 2023-11-27 15:44:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7499 https://access.redhat.com/errata/RHSA-2023:7499

Comment 28 errata-xmlrpc 2023-11-27 15:44:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:7502 https://access.redhat.com/errata/RHSA-2023:7502

Comment 29 errata-xmlrpc 2023-11-27 15:46:51 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7500 https://access.redhat.com/errata/RHSA-2023:7500

Comment 30 errata-xmlrpc 2023-11-27 15:47:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7501 https://access.redhat.com/errata/RHSA-2023:7501

Comment 31 errata-xmlrpc 2023-11-27 15:48:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7504 https://access.redhat.com/errata/RHSA-2023:7504

Comment 32 errata-xmlrpc 2023-11-27 15:57:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7503 https://access.redhat.com/errata/RHSA-2023:7503

Comment 33 errata-xmlrpc 2023-11-27 16:03:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7506 https://access.redhat.com/errata/RHSA-2023:7506

Comment 34 errata-xmlrpc 2023-11-27 16:03:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7510 https://access.redhat.com/errata/RHSA-2023:7510

Comment 35 errata-xmlrpc 2023-11-27 16:09:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7507 https://access.redhat.com/errata/RHSA-2023:7507

Comment 36 errata-xmlrpc 2023-11-27 16:10:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7511 https://access.redhat.com/errata/RHSA-2023:7511

Comment 37 errata-xmlrpc 2023-11-27 16:10:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7508 https://access.redhat.com/errata/RHSA-2023:7508

Comment 38 errata-xmlrpc 2023-11-27 16:10:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:7505 https://access.redhat.com/errata/RHSA-2023:7505

Comment 39 errata-xmlrpc 2023-11-27 16:18:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:7509 https://access.redhat.com/errata/RHSA-2023:7509

Comment 40 errata-xmlrpc 2023-11-27 16:25:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7512 https://access.redhat.com/errata/RHSA-2023:7512

Comment 41 errata-xmlrpc 2023-11-28 15:12:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:7547 https://access.redhat.com/errata/RHSA-2023:7547

Comment 42 errata-xmlrpc 2023-11-29 12:49:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7569 https://access.redhat.com/errata/RHSA-2023:7569

Comment 43 errata-xmlrpc 2023-11-29 12:49:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7570 https://access.redhat.com/errata/RHSA-2023:7570

Comment 44 errata-xmlrpc 2023-11-29 13:43:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:7573 https://access.redhat.com/errata/RHSA-2023:7573

Comment 45 errata-xmlrpc 2023-11-29 13:43:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:7574 https://access.redhat.com/errata/RHSA-2023:7574

Comment 46 errata-xmlrpc 2023-11-29 13:55:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7577 https://access.redhat.com/errata/RHSA-2023:7577


Note You need to log in before you can comment on or make changes to this bug.