Уязвимость CVE-2022-22759

Пакет	Статус	Версия исправления	Тип
firefox	fixed	97.0-1	package
firefox-esr	fixed	91.6.0esr-1	package
thunderbird	fixed	1:91.6.0-1	package

CVE-2022-22759

CVSS3: 9.6

ubuntu

больше 2 лет назад

If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

CVE-2022-22759

CVSS3: 9.6

redhat

больше 3 лет назад

If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

CVE-2022-22759

CVSS3: 9.6

nvd

больше 2 лет назад

If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

GHSA-7qpp-mq9c-7449

CVSS3: 9.6

github

больше 2 лет назад

If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

BDU:2022-00809

CVSS3: 5.4

fstec

больше 3 лет назад

Уязвимость элемента iframe браузера Mozilla Firefox, позволяющая нарушителю обойти введенные ограничения безопасности

exploitDog

CVE-2022-22759

Описание

Пакеты

Примечания

Связанные уязвимости