Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5124 matches found

OSV
OSVadded 2022/12/22 8:15 p.m.1 views

DEBIAN-CVE-2022-22759

If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...

9.6CVSS7.2AI score0.00743EPSS
Exploits0References1
OSV
OSVadded 2022/12/22 8:15 p.m.9 views

CVE-2022-22743

When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

4.3CVSS8.7AI score
Exploits0References4
OSV
OSVadded 2022/12/22 8:15 p.m.2 views

DEBIAN-CVE-2022-22743

When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

4.3CVSS6.3AI score0.00643EPSS
Exploits0References1
NVD
NVDadded 2022/12/22 8:15 p.m.25 views

CVE-2021-4140

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

10CVSS0.0134EPSS
Exploits1References4
OSV
OSVadded 2022/12/22 8:15 p.m.2 views

DEBIAN-CVE-2021-4140

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

10CVSS8.4AI score0.0134EPSS
Exploits1References1
OSV
OSVadded 2022/12/22 8:15 p.m.8 views

CVE-2021-4140

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

10CVSS8.8AI score
Exploits0References4
Prion
Prionadded 2022/12/22 8:15 p.m.28 views

Cross site scripting

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions such as microphone or camera access. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...

6.8CVSS8.1AI score0.00684EPSS
Exploits0References6Affected Software3
Prion
Prionadded 2022/12/22 8:15 p.m.25 views

Cross site request forgery (csrf)

When receiving an HTML email that specified to load an iframe element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird 102.2.1 and Thunderbird 91.13.1...

4.3CVSS5.6AI score0.00529EPSS
Exploits0References3Affected Software1
Prion
Prionadded 2022/12/22 8:15 p.m.19 views

Spoofing

Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

4.3CVSS6.8AI score0.0057EPSS
Exploits0References4Affected Software3
Prion
Prionadded 2022/12/22 8:15 p.m.19 views

Design/Logic Flaw

Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...

5.8CVSS6.7AI score0.00406EPSS
Exploits0References2Affected Software1
Prion
Prionadded 2022/12/22 8:15 p.m.20 views

Spoofing

Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

5.8CVSS6AI score0.00557EPSS
Exploits1References4Affected Software3
Prion
Prionadded 2022/12/22 8:15 p.m.27 views

Hardcoded credentials

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...

4.3CVSS6.9AI score0.00663EPSS
Exploits0References3Affected Software1
Prion
Prionadded 2022/12/22 8:15 p.m.14 views

Input validation

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

5.8CVSS6.9AI score0.00561EPSS
Exploits0References4Affected Software3
Prion
Prionadded 2022/12/22 8:15 p.m.26 views

Code injection

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91....

6.8CVSS8.5AI score0.00931EPSS
Exploits1References4Affected Software3
Prion
Prionadded 2022/12/22 8:15 p.m.11 views

Spoofing

When exiting fullscreen mode, an iframe could have confused the browser about the current state of fullscreen, resulting in potential user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

4.3CVSS7AI score0.00584EPSS
Exploits0References4Affected Software3
Prion
Prionadded 2022/12/22 8:15 p.m.20 views

Code injection

If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...

6.8CVSS8.3AI score0.00743EPSS
Exploits0References4Affected Software3
Prion
Prionadded 2022/12/22 8:15 p.m.19 views

Code injection

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

6.8CVSS8.2AI score0.00937EPSS
Exploits0References4Affected Software3
Cvelist
Cvelistadded 2022/12/22 12:0 a.m.21 views

CVE-2022-34474

Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...

7.2AI score0.00406EPSS
Exploits0References2
Cvelist
Cvelistadded 2022/12/22 12:0 a.m.20 views

CVE-2022-38473

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions such as microphone or camera access. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...

8.5AI score0.00684EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2022/12/22 12:0 a.m.3 views

CVE-2022-38473

A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions such as microphone or camera access. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...

6.4AI score0.00684EPSS
Exploits0References6
Rows per page
Query Builder