Описание
Уязвимость браузеров Mozilla Firefox, Firefox ESR связана с неправильным кодированием или экранированием выходных данных при обработке тега embed. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, обойти существующие ограничения безопасности и перенаправить пользователя на другой веб-сайт
Вендор
Наименование ПО
Версия ПО
Тип ПО
Операционные системы и аппаратные платформы
Уровень опасности уязвимости
Возможные меры по устранению уязвимости
Статус уязвимости
Наличие эксплойта
Информация об устранении
Идентификаторы других систем описаний уязвимостей
- CVE
- MFSA
- MFSA
EPSS
6.5 Medium
CVSS3
7.8 High
CVSS2
Связанные уязвимости
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.
Firefox could have incorrectly parsed a URL and rewritten it to the yo ...
Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12.
EPSS
6.5 Medium
CVSS3
7.8 High
CVSS2