CVE-2022-22759

CVSS v3.1 9.6 (Critical)

EPSS 0.19 % (56^th)

Affected Products 3

Advisories 27

If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2022-12-22 20:15:19
(21 months ago)
Updated Date: 2022-12-29 22:51:42
(20 months ago)

Affected Products

Mozilla

Firefox
Firefox Esr
Thunderbird

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 97.0 version	cpe:2.3:a:mozilla:firefox	< 97.0
Mozilla Firefox Esr prior 91.6 version	cpe:2.3:a:mozilla:firefox_esr	< 91.6
Mozilla Thunderbird prior 91.6 version	cpe:2.3:a:mozilla:thunderbird	< 91.6