Sign in Sign up
Explore Enterprise Education Gitee Premium 模力方舟
Scan WeChat QR to Pay
Cancel
Complete
Watch
Unwatch Watching Releases Only Ignoring
123 Star 0 Fork 55

src-openEuler/firefox

Code Issues 579 Pull Requests 0 Wiki Insights Pipelines
Service
Issues
 / 详情

CVE-2023-37210

已挂起
CVE和安全问题
openeuler-ci-bot
owner
Opened this issue  
2023-07-05 00:41

一、漏洞信息
漏洞编号:CVE-2023-37210
漏洞归属组件:firefox
漏洞归属的版本:100.0.2,102.11.0,102.13.0,102.8.0,102.9.0,62.0.3,79.0
CVSS V3.0分值:
BaseScore:6.5 Medium
Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
漏洞简述:
A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115.
漏洞公开时间:2023-07-05 18:15:09
漏洞创建时间:2023-07-04 16:41:26
漏洞详情参考链接:
https://nvd.nist.gov/vuln/detail/CVE-2023-37210

更多参考(点击展开)
参考来源 参考链接 来源链接
security.mozilla.org https://bugzilla.mozilla.org/show_bug.cgi?id=1821886
security.mozilla.org https://security.gentoo.org/glsa/202401-10
security.mozilla.org https://www.mozilla.org/security/advisories/mfsa2023-22/
firefox https://bugzilla.mozilla.org/show_bug.cgi?id=1821886 https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/
gentoo https://security.gentoo.org/glsa/202401-10
cve_search https://www.mozilla.org/security/advisories/mfsa2023-22/
cve_search https://bugzilla.mozilla.org/show_bug.cgi?id=1821886
amazon_linux_explore https://access.redhat.com/security/cve/CVE-2023-37210 https://explore.alas.aws.amazon.com/CVE-2023-37210.html
amazon_linux_explore https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37210 https://explore.alas.aws.amazon.com/CVE-2023-37210.html
snyk https://www.mozilla.org/security/advisories/mfsa2023-22/ https://security.snyk.io/vuln/SNYK-UNMANAGED-FIREFOX-5753315
snyk https://bugzilla.mozilla.org/show_bug.cgi?id=1821886 https://security.snyk.io/vuln/SNYK-UNMANAGED-FIREFOX-5753315
nvd https://www.mozilla.org/security/advisories/mfsa2023-22/
nvd https://bugzilla.mozilla.org/show_bug.cgi?id=1821886
redhat https://access.redhat.com/security/cve/CVE-2023-37210

漏洞分析指导链接:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息:

详情(点击展开)
影响的包 修复版本 修复补丁 问题引入补丁 来源
https://bugzilla.mozilla.org/show_bug.cgi?id=1821886 nvd
https://www.mozilla.org/security/advisories/mfsa2023-22/ nvd

二、漏洞分析结构反馈
影响性分析说明:
该漏洞通过升级128.7版本修复
openEuler评分:
6.5
Vector:CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP4(79.0):受影响
2.openEuler-22.03-LTS-SP3(128.9.0):受影响
3.openEuler-22.03-LTS-SP4(128.9.0):受影响
4.master(128.9.0):不受影响
5.openEuler-24.03-LTS(128.9.0):不受影响
6.openEuler-24.03-LTS-Next(128.9.0):不受影响
7.openEuler-24.03-LTS-SP1(128.9.0):不受影响
8.openEuler-24.03-LTS-SP2(128.9.0):

修复是否涉及abi变化(是/否):
1.master(128.9.0):否
2.openEuler-20.03-LTS-SP4(79.0):否
3.openEuler-22.03-LTS-SP3(128.9.0):否
4.openEuler-22.03-LTS-SP4(128.9.0):否
5.openEuler-24.03-LTS(128.9.0):否
6.openEuler-24.03-LTS-Next(128.9.0):否
7.openEuler-24.03-LTS-SP1(128.9.0):否
8.openEuler-24.03-LTS-SP2(128.9.0):

原因说明:
1.openEuler-22.03-LTS-SP3(128.9.0):正常修复
2.openEuler-22.03-LTS-SP4(128.9.0):正常修复
3.openEuler-20.03-LTS-SP4(79.0):暂不修复-待升级版本修复
4.master(128.9.0):不受影响-漏洞代码不存在
5.openEuler-24.03-LTS(128.9.0):不受影响-漏洞代码不存在
6.openEuler-24.03-LTS-Next(128.9.0):不受影响-漏洞代码不存在
7.openEuler-24.03-LTS-SP1(128.9.0):不受影响-漏洞代码不存在
8.openEuler-24.03-LTS-SP2(128.9.0):

Comments (8)

5329419 openeuler ci bot 1632792936
openeuler-ci-bot createdCVE和安全问题 2 years ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot added
 
CVE/UNFIXED
label 2 years ago
Expand operation logs

@AlexZ11 ,@small_leek ,@jimmy_hero ,@zhuchunyi ,@caodongxia
issue处理注意事项:
1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;
2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;
3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否))不能省略,省略后cve-manager将无法正常解析填写内容.

影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP1(79.0):
2.openEuler-20.03-LTS-SP3(79.0):
3.openEuler-22.03-LTS(102.11.0):
4.openEuler-22.03-LTS-SP1(102.11.0):
5.openEuler-22.03-LTS-SP2(102.11.0):

修复是否涉及abi变化(是/否):
1.openEuler-20.03-LTS-SP1(79.0):
2.openEuler-20.03-LTS-SP3(79.0):
3.openEuler-22.03-LTS(102.11.0):
4.openEuler-22.03-LTS-SP1(102.11.0):
5.openEuler-22.03-LTS-SP2(102.11.0):

issue处理具体操作请参考:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

Hi openeuler-ci-bot, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Application, and any of the maintainers: @AlexZ11 , @small_leek , @jimmy_hero , @zhuchunyi , @caodongxia
5329419 openeuler ci bot 1632792936
openeuler-ci-bot added
 
sig/Application
label 2 years ago
参考网址 关联pr 状态 补丁链接
https://nvd.nist.gov/vuln/detail/CVE-2023-37210
https://ubuntu.com/security/CVE-2023-37210NoneNonehttps://discourse.ubuntu.com/c/ubuntu-pro
https://www.opencve.io/cve/CVE-2023-37210
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-37210
https://security-tracker.debian.org/tracker/CVE-2023-37210
http://www.cnnvd.org.cn/web/vulnerability/queryLds.tag?qcvCnnvdid=CVE-2023-37210

说明:补丁链接仅供初步排查参考,实际可用性请人工再次确认,补丁下载验证可使用CVE补丁工具
若补丁不准确,烦请在此issue下评论 '/report-patch 参考网址 补丁链接1,补丁链接2' 反馈正确信息,便于我们不断优化工具,不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 2 years ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 2 years ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 2 years ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 2 years ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 2 years ago
wk333-wk333 wk333 member 2 years ago
复制链接地址

该漏洞在115版本修复,当前维护版本为firefox-esr版本,上游未有明确firefox-esr修复版本,暂时挂起
wk333-wk333
wk333 changed issue state from 待办的 to 已挂起 2 years ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot set start time to 2023-07-05 2 years ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot set deadline to 2023-08-04 2 years ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot set priority to Secondary 2 years ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed issue state from 已挂起 to 待办的 7 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 7 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 7 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 7 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 7 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed start time from 2023-07-05 to 2024-09-11 7 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed deadline from 2023-08-04 to 2024-10-11 7 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 7 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 7 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 7 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 7 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 6 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 6 months ago
wk333-wk333
wk333 related pull requestsrc-openEuler/firefox Pull Request !261 2 months ago
wk333-wk333
wk333 related pull requestsrc-openEuler/firefox Pull Request !262 2 months ago
wk333-wk333 wk333 member 2 months ago
复制链接地址

影响性分析说明:
该漏洞通过升级128.7版本修复

受影响版本排查(受影响/不受影响):
1.master:不受影响
2.openEuler-20.03-LTS-SP4:受影响
3.openEuler-22.03-LTS-SP3:受影响
4.openEuler-22.03-LTS-SP4:受影响
5.openEuler-24.03-LTS:不受影响
6.openEuler-24.03-LTS-Next:不受影响
7.openEuler-24.03-LTS-SP1:不受影响

修复是否涉及abi变化(是/否):
1.master:否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS-SP3:否
4.openEuler-22.03-LTS-SP4:否
5.openEuler-24.03-LTS:否
6.openEuler-24.03-LTS-Next:否
7.openEuler-24.03-LTS-SP1:否

原因说明:
1.master:不受影响-漏洞代码不存在
2.openEuler-20.03-LTS-SP4:暂不修复-待升级版本修复
3.openEuler-22.03-LTS-SP3:正常修复
6.openEuler-22.03-LTS-SP4:正常修复
5.openEuler-24.03-LTS:不受影响-漏洞代码不存在
6.openEuler-24.03-LTS-Next:不受影响-漏洞代码不存在
7.openEuler-24.03-LTS-SP1:不受影响-漏洞代码不存在
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 2 months ago

@AlexZ11 经过 cve-manager 解析, 已分析的内容如下表所示:

状态 分析项目 内容
已分析 1.影响性分析说明 该漏洞通过升级128.7版本修复
已分析 2.openEulerScore 6.5
已分析 3.openEulerVector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
已分析 4.受影响版本排查 openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS-SP4:受影响,master:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响,openEuler-24.03-LTS-SP1:不受影响
已分析 5.是否涉及abi变化 master:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS-SP3:否,openEuler-22.03-LTS-SP4:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-24.03-LTS-SP1:否
已分析 6.原因说明 openEuler-22.03-LTS-SP3:正常修复,openEuler-22.03-LTS-SP4:正常修复,openEuler-20.03-LTS-SP4:暂不修复-待升级版本修复,master:不受影响-漏洞代码不存在,openEuler-24.03-LTS:不受影响-漏洞代码不存在,openEuler-24.03-LTS-Next:不受影响-漏洞代码不存在,openEuler-24.03-LTS-SP1:不受影响-漏洞代码不存在

请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed issue state from 待办的 to 进行中 2 months ago
wk333-wk333 wk333 member 2 months ago
复制链接地址

openEuler评分:
BaseScore: 6.5 Medium
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

@AlexZ11 经过 cve-manager 解析, 已分析的内容如下表所示:

状态 分析项目 内容
已分析 1.影响性分析说明 该漏洞通过升级128.7版本修复
已分析 2.openEulerScore 6.5
已分析 3.openEulerVector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
已分析 4.受影响版本排查 openEuler-20.03-LTS-SP4:受影响,openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS-SP4:受影响,master:不受影响,openEuler-24.03-LTS:不受影响,openEuler-24.03-LTS-Next:不受影响,openEuler-24.03-LTS-SP1:不受影响
已分析 5.是否涉及abi变化 master:否,openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS-SP3:否,openEuler-22.03-LTS-SP4:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-24.03-LTS-SP1:否
已分析 6.原因说明 openEuler-22.03-LTS-SP3:正常修复,openEuler-22.03-LTS-SP4:正常修复,openEuler-20.03-LTS-SP4:暂不修复-待升级版本修复,master:不受影响-漏洞代码不存在,openEuler-24.03-LTS:不受影响-漏洞代码不存在,openEuler-24.03-LTS-Next:不受影响-漏洞代码不存在,openEuler-24.03-LTS-SP1:不受影响-漏洞代码不存在

请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 2 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed issue state from 进行中 to 已挂起 2 months ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description a month ago
5329419 openeuler ci bot 1632792936
openeuler-ci-bot changed description 8 days ago

Sign in to comment

Status
Assignees
Projects
Unprojected
Unprojected
Pull Requests
None yet
Update 128.7.0 Update 128.7.0
None yet
Successfully merging a pull request will close this issue.
Duration (hours)
Planed to start   -   Planed to end
-
Top level
Not Top
Not Top
Top Level: High
Top Level: Medium
Top Level: Low
Priority
Secondary
Not specified
Serious
Main
Secondary
Unimportant
Labels
CVE/UNFIXED
sig/Application
Milestones
No related milestones
No related milestones
Branches
No related branch
Branches (25)
Tags (42)
master
openEuler-24.03-LTS-Next
openEuler-24.03-LTS-SP2
openEuler-24.03-LTS-SP1
openEuler-24.03-LTS
openEuler-22.03-LTS-SP4
openEuler-22.03-LTS-SP3
openEuler-25.03
openEuler-20.03-LTS-SP4
openEuler-24.09
openEuler-22.03-LTS-SP1
openEuler-22.03-LTS
openEuler-20.03-LTS-SP1
openEuler-22.03-LTS-SP2
openEuler-22.03-LTS-Next
openEuler-20.03-LTS-SP3
openEuler-23.09
openEuler-23.03
openEuler-22.09
openEuler-20.03-LTS-SP2
openEuler-21.09
openEuler-21.03
openEuler-20.03-LTS-Next
openEuler-20.03-LTS
openEuler-20.09
openEuler-24.03-LTS-update-20250411
openEuler-22.03-LTS-SP3-update-20250411
openEuler-24.03-LTS-SP1-update-20250411
openEuler-22.03-LTS-SP4-update-20250411
openEuler-20.03-LTS-SP4-update-20250403
openEuler-25.03-release
openEuler-24.03-LTS-update-20250314
openEuler-24.03-LTS-SP1-update-20250314
openEuler-22.03-LTS-SP3-update-20250314
openEuler-22.03-LTS-SP4-update-20250314
openEuler-24.03-LTS-update-20250208
openEuler-24.03-LTS-SP1-update-20250208
openEuler-24.03-LTS-update-20250117
openEuler-24.03-LTS-SP1-update-20250117
openEuler-24.03-LTS-SP1-release
openEuler-24.03-LTS-update-20241206
openEuler-24.03-LTS-update-20241122
openEuler-24.03-LTS-update-20241108
openEuler-22.03-LTS-SP4-update-before-20241025
openEuler-22.03-LTS-SP4-before-20241025
openEuler-24.03-LTS-update-20241101
openEuler-24.03-LTS-update-20241018
openEuler-22.03-LTS-SP4-release
openEuler-24.09-release
openEuler-24.03-LTS-release
openEuler-22.03-LTS-SP3-release
openEuler-23.09-rc5
openEuler-22.03-LTS-SP1-release
openEuler-22.09-release
openEuler-22.09-rc5
openEuler-22.09-20220829
openEuler-22.03-LTS-20220331
openEuler-22.03-LTS-round5
openEuler-22.03-LTS-round3
openEuler-22.03-LTS-round2
openEuler-22.03-LTS-round1
openEuler-20.03-LTS-SP3-release
openEuler-20.03-LTS-SP2-20210624
openEuler-21.03-20210330
openEuler-20.09-20200928
openEuler-20.03-LTS-20200606
openEuler-20.03-LTS-tag
参与者(2)
5329419 openeuler ci bot 1632792936 wk333-wk333
1
https://gitee.com/src-openeuler/firefox.git
git@gitee.com:src-openeuler/firefox.git
src-openeuler
firefox
firefox
Going to Help Center

Search

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
Repository Report
Back to the top