jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes NUL characters or null bytes when they are sent to a downstream component.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | firefox-0:128.8.0-1.el7_9 | * |
Red Hat Enterprise Linux 8 | RedHat | firefox-0:128.8.0-1.el8_10 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | firefox-0:128.8.0-1.el8_2 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | firefox-0:128.8.0-1.el8_4 | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | firefox-0:128.8.0-1.el8_4 | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | firefox-0:128.8.0-1.el8_4 | * |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | firefox-0:128.8.0-1.el8_6 | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | firefox-0:128.8.0-1.el8_6 | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | firefox-0:128.8.0-1.el8_6 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | firefox-0:128.8.0-1.el8_8 | * |
Red Hat Enterprise Linux 9 | RedHat | firefox-0:128.8.0-1.el9_5 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | firefox-0:128.8.0-1.el9_0 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | firefox-0:128.8.0-1.el9_2 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | firefox-0:128.8.0-1.el9_4 | * |
Firefox | Ubuntu | focal | * |
Mozjs102 | Ubuntu | esm-apps/noble | * |
Mozjs102 | Ubuntu | jammy | * |
Mozjs102 | Ubuntu | noble | * |
Mozjs115 | Ubuntu | devel | * |
Mozjs115 | Ubuntu | noble | * |
Mozjs115 | Ubuntu | oracular | * |
Mozjs52 | Ubuntu | esm-infra/bionic | * |
Mozjs52 | Ubuntu | focal | * |
Mozjs68 | Ubuntu | focal | * |
Mozjs78 | Ubuntu | jammy | * |
Mozjs91 | Ubuntu | jammy | * |
Thunderbird | Ubuntu | focal | * |
Thunderbird | Ubuntu | jammy | * |