Описание
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
The Mozilla Foundation Security Advisory describes this flaw as:
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2021:4116 | 03.11.2021 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2021:4134 | 04.11.2021 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2021:4123 | 03.11.2021 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2021:4130 | 04.11.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | thunderbird | Fixed | RHSA-2021:4133 | 04.11.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | firefox | Fixed | RHSA-2021:4607 | 10.11.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | thunderbird | Fixed | RHSA-2021:4132 | 04.11.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | firefox | Fixed | RHSA-2021:4605 | 10.11.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
10 Critical
CVSS3
Связанные уязвимости
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
The iframe sandbox rules were not correctly applied to XSLT stylesheet ...
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
Уязвимость браузера Mozilla Firefox, связанная с ошибками в настройках безопасности, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
10 Critical
CVSS3