Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

CVE-2021-38503

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

CVE-2021-38503

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

Mozilla Thunderbird < 91.3

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-50 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-5131-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5131-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

Mozilla Thunderbird < 91.3

The version of Thunderbird installed on the remote Windows host is prior to 91.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-50 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions...

Security Vulnerabilities fixed in Thunderbird 91.3 — Mozilla

Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...

UBUNTU-CVE-2021-38503

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVE-2021-37994

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVE-2021-37994

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

DEBIAN-CVE-2021-37994

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVE-2021-37994

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

Design/Logic Flaw

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

UBUNTU-CVE-2021-37994

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVE-2021-37994

CVE-2021-37994 affects the iFrame Sandbox component in Chromium/Google Chrome prior to version 95.0.4638.54. The root cause is an inappropriate implementation in iFrame Sandbox that lets a remote attacker bypass navigation restrictions via a crafted HTML page. The issue is mitigated by upgrading ...

CVE-2021-37994

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

CVE-2021-37994

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

Mozilla Firefox < 94.0

The version of Firefox installed on the remote Windows host is prior to 94.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-48 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such...

Security Vulnerabilities fixed in Firefox ESR 91.3 — Mozilla

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have...

Security Vulnerabilities fixed in Firefox 94 — Mozilla

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have...