CVE-2021-4140
CVSS v3.1
10 (Critical)
EPSS
0.25 % (66th)
Affected Products
3
Advisories
28
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Weaknesses
- CWE-91
- XML Injection (aka Blind XPath Injection)
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2022-12-22 20:15:12
(21 months ago) - Updated Date
-
2023-01-03 20:03:32
(20 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...