CVE-2021-4140

Опубликовано: 22 дек. 2022

Источник: debian

EPSS Низкий

Описание

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

Пакеты

Пакет	Статус	Версия исправления	Тип
firefox	fixed	96.0-1	package
firefox-esr	fixed	91.5.0esr-1	package
thunderbird	fixed	1:91.5.0-1	package

Примечания

https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2021-4140
https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2021-4140
https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2021-4140

EPSS

Процентиль: 22%

0.00069

Низкий

Связанные уязвимости

CVE-2021-4140

CVSS3: 10

ubuntu

больше 2 лет назад

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2021-4140

CVSS3: 9.6

redhat

больше 3 лет назад

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

CVE-2021-4140

CVSS3: 10

nvd

больше 2 лет назад

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

GHSA-h5mr-xp97-c4p5

CVSS3: 10

github

больше 2 лет назад

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

BDU:2022-00294

CVSS3: 8.8

fstec

больше 3 лет назад

Уязвимость изолированной среды iframe почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти изолированную программную среду iframe и выполнить произвольный код JavaScript в контексте произвольного окна

EPSS

Процентиль: 22%

0.00069

Низкий