Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-38503

Опубликовано: 08 дек. 2021
Источник: debian
EPSS Низкий

Описание

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed94.0-1package
firefox-esrfixed91.3.0esr-1package
thunderbirdfixed1:91.3.0-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38503

  • https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503

  • https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503

EPSS

Процентиль: 76%
0.01026
Низкий

Связанные уязвимости

CVSS3: 10
ubuntu
больше 3 лет назад

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

CVSS3: 10
redhat
почти 4 года назад

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

CVSS3: 10
nvd
больше 3 лет назад

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

CVSS3: 10
github
больше 3 лет назад

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

CVSS3: 8.1
fstec
почти 4 года назад

Уязвимость браузера Mozilla Firefox, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти существующие ограничения безопасности

EPSS

Процентиль: 76%
0.01026
Низкий