CVE-2022-22759
CVSS v3.1
9.6 (Critical)
EPSS
0.19 % (56th)
Affected Products
3
Advisories
27
If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2022-12-22 20:15:19
(21 months ago) - Updated Date
-
2022-12-29 22:51:42
(20 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...