发布时间: 2025年1月24日
修改时间: 2025年1月24日
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | Low | |
| Attack Vector | Adjacent | |
| CVSS评分 | N/A | 5.5 |
| Attack Complexity | Low | |
| Privileges Required | Low | |
| Scope | Unchanged | |
| Integrity | Low | |
| User Interaction | None | |
| Availability | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-1255 | firefox security update | 2025年3月6日 |
| 产品 | 包 | 状态 |
|---|---|---|
| V6 | firefox | Fixed |
