Red Hat: CVE-2023-28164: CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (Multiple Advisories)

Red Hat: CVE-2023-28164: CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (Multiple Advisories)

Severity

7

CVSS

(AV:N/AC:M/Au:N/C:N/I:C/A:N)

Published

03/20/2023

Created

03/22/2023

Added

03/21/2023

Modified

01/28/2025

Description

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

Solution(s)

• redhat-upgrade-firefox
• redhat-upgrade-firefox-debuginfo
• redhat-upgrade-firefox-debugsource
• redhat-upgrade-firefox-x11
• redhat-upgrade-thunderbird
• redhat-upgrade-thunderbird-debuginfo
• redhat-upgrade-thunderbird-debugsource

References

• CVE-2023-28164
• RHSA-2023:1333
• RHSA-2023:1336
• RHSA-2023:1337
• RHSA-2023:1364
• RHSA-2023:1367
• RHSA-2023:1401
• RHSA-2023:1402
• RHSA-2023:1403
• RHSA-2023:1404
• RHSA-2023:1407
• RHSA-2023:1444
• RHSA-2023:1472

View more