103 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
If a document creates a sandboxed iframe without allow-scripts, and then appends an element to the iframe’s document that has a JavaScript event handler—the event handler will still be executed despite the iframe being in a sandbox. This vulnerability affects Firefox versions earlier than 97,...
Astra Linux – Vulnerability in Firefox
Using a redirect embedded in sourceMappingUrls may allow navigation to external protocol links within sandboxed iframes, without the requirement of allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
CVE-2026-47901
Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...
Next.js: null origin can bypass Server Actions CSRF checks
Summary origin: null was treated as a "missing" origin during Server Action CSRF validation. As a result, requests from opaque contexts such as sandboxed iframes could bypass origin verification instead of being validated as cross-origin requests. Impact An attacker could induce a victim browser ...
CVE-2025-65203
KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials...
CVE-2025-65203
KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials...
PT-2025-51850
Name of the Vulnerable Software and Affected Versions KeePassXC-Browser versions through 1.9.9.2 Description The software autofills or prompts users to fill stored credentials into documents rendered under a browser-enforced Content Security Policy CSP directive and iframe attribute sandbox. This...
SUSE CVE-2025-11716
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...
EUVD-2023-33082
Malicious code in bioql PyPI...
CVE-2025-54143
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...
CVE-2025-8042
Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability affects Firefox 141...
CVE-2025-54143
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...
CVE-2025-54143
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS 141...
CVE-2025-54143
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS 141...
CVE-2025-54143
CVE-2025-54143 is tied to Firefox for iOS prior to version 141. The issue arises from sandboxed iframes on web pages that could bypass the parent page’s sandbox restrictions, potentially allowing downloads to the device. Affected product: Firefox for iOS
CVE-2025-54143 Sandboxed iframes could allow local downloads despite sandbox restrictions
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...
CVE-2025-54143 Sandboxed iframes could allow local downloads despite sandbox restrictions
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...
Linux Distros Unpatched Vulnerability : CVE-2025-54143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This...
Linux Distros Unpatched Vulnerability : CVE-2022-26384
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, wou...
PT-2025-31712 · Mozilla +1 · Firefox For Ios +9
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 141 Description: Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. Recommendations: Update Firefox for iOS...