SB2025060670 - openEuler 22.03 LTS SP4 update for firefox
Published: June 6, 2025
Security Bulletin ID
SB2025060670
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2024-5689)
The vulnerability allows a remote attacker to perform phishing attack.
The vulnerability exists due user confusion when taking screenshots with Firefox. In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the "My Shots" button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing.
Remediation
Install update from vendor's website.