5124 matches found

Debian CVE
added 2021/12/08 9:22 p.m. | 42 views

CVE-2021-38503

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVSS 10 | AI score 9.7 | EPSS 0.0383
Exploits 0

Openbugbounty
added 2021/12/01 8:4 p.m. | 11 views

wad.ojooo.com IFRAME Injection vulnerability OBB-2290219

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 0.2
Exploits 0

BDU FSTEC
added 2021/12/01 12:0 a.m. | 2 views

The vulnerability of the Mozilla Firefox browser, related to security configuration errors, allows attackers to circumvent existing security restrictions.

The vulnerability of the Mozilla Firefox browser is related to errors in the configuration of security rules for iframe-based tables in XSLT stylesheets. Exploiting this vulnerability allows an attacker to circumvent existing security restrictions by using iframes to bypass limitations such as...

CVSS 9.4 | AI score 7.9 | EPSS 0.0383
Exploits 0 | References 7 | Affected Software 3

Tenable Nessus
added 2021/11/20 12:0 a.m. | 53 views

Microsoft Edge (Chromium) < 96.0.1052.29 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 96.0.1052.29. It is, therefore, affected by multiple vulnerabilities as referenced in the November 19, 2021 advisory. - Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a...

CVSS 9.6 | AI score 6.7 | EPSS 0.01362
Exploits 2 | References 40

Tenable Nessus
added 2021/11/20 12:0 a.m. | 42 views

openSUSE 15 Security Update : opera (openSUSE-SU-2021:1488-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1488-1 advisory. - Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to...

CVSS 9.6 | AI score 7.7 | EPSS 0.01
Exploits 0 | References 33

Microsoft CVE
added 2021/11/19 8:0 a.m. | 27 views

Chromium: CVE-2021-38017 Insufficient policy enforcement in iframe sandbox

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 | AI score 8.8 | EPSS 0.00805
Exploits 0

Tenable Nessus
added 2021/11/19 12:0 a.m. | 262 views

Ubuntu 21.10 : Thunderbird vulnerabilities (USN-5152-1)

The remote Ubuntu 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5152-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker...

CVSS 10 | AI score 7.8 | EPSS 0.0383
Exploits 0 | References 6

CNVD
added 2021/11/17 12:0 a.m. | 37 views

Google Chrome iframe sandbox security bypass vulnerability

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome iframe sandbox that stems from improper policy enforcement in the product's iframe sandbox. An attacker can exploit the vulnerability to bypass security restrictions...

CVSS 8.8 | AI score 8.7 | EPSS 0.00805
Exploits 0 | References 1

Tenable Nessus
added 2021/11/17 12:0 a.m. | 54 views

CentOS 7 : thunderbird (RHSA-2021:4134)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4134 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...

CVSS 10 | AI score 8.3 | EPSS 0.0383
Exploits 0 | References 10

Tenable Nessus
added 2021/11/17 12:0 a.m. | 256 views

CentOS 7 : firefox (RHSA-2021:4116)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4116 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...

CVSS 10 | AI score 7.7 | EPSS 0.0383
Exploits 0 | References 9

CNNVD
added 2021/11/15 12:0 a.m. | 2 views

Google Chrome Permissions, Privileges, and Access Control Issue Vulnerability

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome iframe sandbox that stems from improper policy enforcement in the product's iframe sandbox. An attacker can exploit the vulnerability to bypass security restrictions...

CVSS 8.8 | AI score 8.3 | EPSS 0.00805
Exploits 0 | References 13

FreeBSD
added 2021/11/15 12:0 a.m. | 50 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 25 security fixes, including: 1263620 High CVE-2021-38008: Use after free in media. Reported by Marcin Towalski of Cisco Talos on 2021-10-26 1260649 High CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera @lbherrera on...

CVSS 9.6 | AI score 8.3 | EPSS 0.01362
Exploits 2 | References 1

Hacker One
added 2021/11/11 3:6 a.m. | 23 views

Judge.me : Self-XSS due to image URL can be exploited via XSSJacking techniques in review email

A self-XSS vulnerability was discovered in Judge.me due to the image URL of recommendations in the reviewer profile that could be exploited via XSSJacking techniques in the review email. An attacker could insert a payload in the image URL of recommendations and then use XSSJacking techniques to...

AI score 7.8
Exploits 0

Tenable Nessus
added 2021/11/11 12:0 a.m. | 23 views

RHEL 8 : firefox (RHSA-2021:4607)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:4607 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVSS 10 | AI score 7.8 | EPSS 0.0383
Exploits 0 | References 18

OpenVAS
added 2021/11/11 12:0 a.m. | 17 views

Mozilla Firefox Security Advisory (MFSA2014-66) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 5.8 | AI score 9.5 | EPSS 0.01257
Exploits 0 | References 3

OSV
added 2021/11/10 10:53 p.m. | 8 views

MGASA-2021-0505 Updated firefox packages fix security vulnerability

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame (CVE-2021-38503). When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-fre...

CVSS 10 | AI score 8.5 | EPSS 0.0383
Exploits 0 | References 4

OSV
added 2021/11/10 10:53 p.m. | 8 views

MGASA-2021-0506 Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame (CVE-2021-38503). When interacting with an HTML input element's...

CVSS 10 | AI score 8.5 | EPSS 0.0383
Exploits 0 | References 4

Mageia
added 2021/11/10 10:53 p.m. | 49 views

Updated firefox packages fix security vulnerability

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame (CVE-2021-38503). When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-fre...

CVSS 10 | AI score 9.6 | EPSS 0.0383
Exploits 0 | References 3

Mageia
added 2021/11/10 10:53 p.m. | 48 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame (CVE-2021-38503). When interacting with an HTML input element's...

CVSS 10 | AI score 9.6 | EPSS 0.0383
Exploits 0 | References 3

RedHat Linux
added 2021/11/10 9:58 a.m. | 3 views

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

CVSS 10 | AI score 7.3 | EPSS 0.0383
Exploits 0 | References 4