Описание
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-15653
- https://bugzilla.mozilla.org/show_bug.cgi?id=1521542
- https://usn.ubuntu.com/4443-1
- https://www.mozilla.org/security/advisories/mfsa2020-30
- https://www.mozilla.org/security/advisories/mfsa2020-32
- https://www.mozilla.org/security/advisories/mfsa2020-33
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
Связанные уязвимости
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
An iframe sandbox element with the allow-popups flag could be bypassed ...
Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, связанная с неправильными настройками прав доступа по умолчанию, позволяющая нарушителю обойти существующие ограничения безопасности