Описание
By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 97.0+build2-0ubuntu0.18.04.1 |
| devel | released | 97.0+build2-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 97.0+build2-0ubuntu0.20.04.1 |
| impish | released | 97.0+build2-0ubuntu0.21.10.1 |
| jammy | released | 97.0+build2-0ubuntu1 |
| kinetic | released | 97.0+build2-0ubuntu1 |
| lunar | released | 97.0+build2-0ubuntu1 |
| trusty | ignored | end of standard support |
Показывать по
EPSS
8.8 High
CVSS3
Связанные уязвимости
By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97.
By using XSL Transforms, a malicious webserver could have served a use ...
By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute JavaScript (within the bounds of the same-origin policy) even after the tab was closed. This vulnerability affects Firefox < 97.
Уязвимость браузера Mozilla Firefox, связанная с недостаточным контролем ресурса в период его существовования при преобразовании XML-документов, позволяющая нарушителю выполнить произвольный JavaScript-код
EPSS
8.8 High
CVSS3