Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-4140

Опубликовано: 11 янв. 2022
Источник: redhat
CVSS3: 9.6
EPSS Низкий

Описание

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markups that would enable someone to bypass an iframe sandbox.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7firefoxFixedRHSA-2022:012412.01.2022
Red Hat Enterprise Linux 7thunderbirdFixedRHSA-2022:012712.01.2022
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2022:012912.01.2022
Red Hat Enterprise Linux 8firefoxFixedRHSA-2022:013012.01.2022
Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionsfirefoxFixedRHSA-2022:012512.01.2022
Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionsthunderbirdFixedRHSA-2022:013112.01.2022
Red Hat Enterprise Linux 8.2 Extended Update SupportthunderbirdFixedRHSA-2022:012312.01.2022
Red Hat Enterprise Linux 8.2 Extended Update SupportfirefoxFixedRHSA-2022:013212.01.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-1021
https://bugzilla.redhat.com/show_bug.cgi?id=2039568Mozilla: Iframe sandbox bypass with XSLT

EPSS

Процентиль: 22%
0.00069
Низкий

9.6 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-4140

CVSS3: 10
ubuntu
больше 2 лет назад

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

nvd логотип

CVE-2021-4140

CVSS3: 10
nvd
больше 2 лет назад

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

debian логотип

CVE-2021-4140

CVSS3: 10
debian
больше 2 лет назад

It was possible to construct specific XSLT markup that would be able t ...

github логотип

GHSA-h5mr-xp97-c4p5

CVSS3: 10
github
больше 2 лет назад

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.

fstec логотип

BDU:2022-00294

CVSS3: 8.8
fstec
больше 3 лет назад

Уязвимость изолированной среды iframe почтового клиента Thunderbird, браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти изолированную программную среду iframe и выполнить произвольный код JavaScript в контексте произвольного окна

EPSS

Процентиль: 22%
0.00069
Низкий

9.6 Critical

CVSS3