An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:7505 https://access.redhat.com/errata/RHSA-2024:7505
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:7552 https://access.redhat.com/errata/RHSA-2024:7552
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:7621 https://access.redhat.com/errata/RHSA-2024:7621
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:7622 https://access.redhat.com/errata/RHSA-2024:7622
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2024:7646 https://access.redhat.com/errata/RHSA-2024:7646
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:7703 https://access.redhat.com/errata/RHSA-2024:7703
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:7704 https://access.redhat.com/errata/RHSA-2024:7704
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Extended Lifecycle Support Via RHSA-2024:7702 https://access.redhat.com/errata/RHSA-2024:7702
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:7699 https://access.redhat.com/errata/RHSA-2024:7699
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:7700 https://access.redhat.com/errata/RHSA-2024:7700
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:7842 https://access.redhat.com/errata/RHSA-2024:7842
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:7855 https://access.redhat.com/errata/RHSA-2024:7855
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:7853 https://access.redhat.com/errata/RHSA-2024:7853
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support Via RHSA-2024:7856 https://access.redhat.com/errata/RHSA-2024:7856
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:7854 https://access.redhat.com/errata/RHSA-2024:7854
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:8169 https://access.redhat.com/errata/RHSA-2024:8169
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:8166 https://access.redhat.com/errata/RHSA-2024:8166