By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 999 | all | firefox | < 79.0-1 | firefox_79.0-1_all.deb |
Debian | 12 | all | firefox-esr | < 68.11.0esr-1 | firefox-esr_68.11.0esr-1_all.deb |
Debian | 11 | all | firefox-esr | < 68.11.0esr-1 | firefox-esr_68.11.0esr-1_all.deb |
Debian | 10 | all | firefox-esr | < 68.11.0esr-1~deb10u1 | firefox-esr_68.11.0esr-1~deb10u1_all.deb |
Debian | 999 | all | firefox-esr | < 68.11.0esr-1 | firefox-esr_68.11.0esr-1_all.deb |
Debian | 13 | all | firefox-esr | < 68.11.0esr-1 | firefox-esr_68.11.0esr-1_all.deb |
Debian | 12 | all | thunderbird | < 1:68.11.0-1 | thunderbird_1:68.11.0-1_all.deb |
Debian | 11 | all | thunderbird | < 1:68.11.0-1 | thunderbird_1:68.11.0-1_all.deb |
Debian | 10 | all | thunderbird | < 1:68.11.0-1~deb10u1 | thunderbird_1:68.11.0-1~deb10u1_all.deb |
Debian | 999 | all | thunderbird | < 1:68.11.0-1 | thunderbird_1:68.11.0-1_all.deb |