
Mageia: 2022-0162 Moderate: Firefox Permission Exploits and Threats

mageia
May 6, 2022

Summary

Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions (CVE-2022-29909).
Firefox did not properly protect against top-level navigations for an iframe sandbox with a policy relaxed through a keyword like allow-top-navigation-by-user-activation (CVE-2022-29911).
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute (CVE-2022-29912).
When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks (CVE-2022-29914).
Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history (CVE-2022-29916).
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory saf...

References

- https://bugs.mageia.org/show_bug.cgi?id=30367

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_78.html

- https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/

- https://www.cve.org/CVERecord?id=CVE-2022-29909

- https://www.cve.org/CVERecord?id=CVE-2022-29911

- https://www.cve.org/CVERecord?id=CVE-2022-29912

- https://www.cve.org/CVERecord?id=CVE-2022-29914

- https://www.cve.org/CVERecord?id=CVE-2022-29916

- https://www.cve.org/CVERecord?id=CVE-2022-29917

Resolution

SRPMS

- 8/core/firefox-91.9.0-1.mga8

- 8/core/firefox-l10n-91.9.0-1.mga8

- 8/core/nss-3.78.0-1.mga8
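
One way to check a host against the fixed source packages listed above (an added example, not part of the Mageia advisory). It assumes input in the form produced by `rpm -qa --qf '%{NAME} %{SOURCERPM}\n'`; the sample lines, including the binary package names, are constructed, and the version comparison is a simplified form of rpm's that ignores epochs, `~` and `^`.

```python
import re

# Fixed source packages, copied from the advisory's Resolution section.
FIXED_SRPMS = ["firefox-91.9.0-1.mga8", "firefox-l10n-91.9.0-1.mga8", "nss-3.78.0-1.mga8"]

# Constructed sample of: rpm -qa --qf '%{NAME} %{SOURCERPM}\n'
SAMPLE = """\
firefox firefox-91.8.0-1.mga8.src.rpm
firefox-en_GB firefox-l10n-91.9.0-1.mga8.src.rpm
lib64nss3 nss-3.77.0-1.mga8.src.rpm
bash bash-5.1.4-1.mga8.src.rpm
"""

def split_nvr(nvr):
    """Split 'name-version-release' on the last two hyphens."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def rpmvercmp(a, b):
    """Simplified rpm segment comparison: returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(rpm_output):
    """Return {source_name: installed_nvr} for source packages older than the fix."""
    fixed = {split_nvr(f)[0]: split_nvr(f)[1:] for f in FIXED_SRPMS}
    outdated = {}
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].endswith(".src.rpm"):
            continue  # skip lines that are not "<name> <source rpm>"
        nvr = parts[1][: -len(".src.rpm")]
        name, ver, rel = split_nvr(nvr)
        if name not in fixed:
            continue
        fver, frel = fixed[name]
        # Compare the version first; fall back to the release only on a tie.
        if (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0:
            outdated[name] = nvr
    return outdated

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Matching on the source RPM rather than the binary package name catches every subpackage built from an outdated source package.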

Publication date: 06 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0162.html
Type: security
CVE: CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
