CVE-2021-38503 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Sandbox escape |
| Description | A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2518 | thunderbird | 91.2.1-1 | 91.3.0-1 | High | Fixed | |
| AVG-2511 | firefox | 93.0-1 | 94.0-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 05 Nov 2021 | ASA-202111-3 | AVG-2518 | thunderbird | High | multiple issues |
| 05 Nov 2021 | ASA-202111-2 | AVG-2511 | firefox | High | multiple issues |
| References |
|---|
https://www.mozilla.org/security/advisories/mfsa2021-48/ https://www.mozilla.org/security/advisories/mfsa2021-50/ https://bugzilla.mozilla.org/show_bug.cgi?id=1729517 |