The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | firefox-0:128.6.0-1.el7_9 | * |
Red Hat Enterprise Linux 8 | RedHat | firefox-0:128.6.0-1.el8_10 | * |
Red Hat Enterprise Linux 8 | RedHat | thunderbird-0:128.6.0-3.el8_10 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | firefox-0:128.6.0-1.el8_2 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | thunderbird-0:128.6.0-3.el8_2 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | firefox-0:128.6.0-1.el8_4 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | thunderbird-0:128.6.0-3.el8_4 | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | firefox-0:128.6.0-1.el8_4 | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | thunderbird-0:128.6.0-3.el8_4 | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | firefox-0:128.6.0-1.el8_4 | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | thunderbird-0:128.6.0-3.el8_4 | * |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | firefox-0:128.6.0-1.el8_6 | * |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | thunderbird-0:128.6.0-3.el8_6 | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | firefox-0:128.6.0-1.el8_6 | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | thunderbird-0:128.6.0-3.el8_6 | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | firefox-0:128.6.0-1.el8_6 | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | thunderbird-0:128.6.0-3.el8_6 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | firefox-0:128.6.0-1.el8_8 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | thunderbird-0:128.6.0-3.el8_8 | * |
Red Hat Enterprise Linux 9 | RedHat | firefox-0:128.6.0-1.el9_5 | * |
Red Hat Enterprise Linux 9 | RedHat | thunderbird-0:128.6.0-3.el9_5 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | firefox-0:128.6.0-1.el9_0 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | thunderbird-0:128.6.0-3.el9_0 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | firefox-0:128.6.0-1.el9_2 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | thunderbird-0:128.6.0-3.el9_2 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | firefox-0:128.6.0-1.el9_4 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | thunderbird-0:128.6.0-3.el9_4 | * |
Firefox | Ubuntu | focal | * |
Mozjs102 | Ubuntu | esm-apps/noble | * |
Mozjs102 | Ubuntu | jammy | * |
Mozjs102 | Ubuntu | noble | * |
Mozjs115 | Ubuntu | devel | * |
Mozjs115 | Ubuntu | noble | * |
Mozjs115 | Ubuntu | oracular | * |
Mozjs115 | Ubuntu | plucky | * |
Mozjs52 | Ubuntu | esm-infra/bionic | * |
Mozjs52 | Ubuntu | focal | * |
Mozjs68 | Ubuntu | esm-infra/focal | * |
Mozjs68 | Ubuntu | focal | * |
Mozjs78 | Ubuntu | jammy | * |
Mozjs91 | Ubuntu | jammy | * |