CVE-2021-38503 - log

CVE-2021-38503 edited at 03 Nov 2021 16:42:39
Description
- The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
+ A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
References
https://www.mozilla.org/security/advisories/mfsa2021-48/
+ https://www.mozilla.org/security/advisories/mfsa2021-50/
https://bugzilla.mozilla.org/show_bug.cgi?id=1729517
CVE-2021-38503 created at 02 Nov 2021 13:16:47
Severity
+ High
Remote
+ Remote
Type
+ Sandbox escape
Description
+ The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
References
+ https://www.mozilla.org/security/advisories/mfsa2021-48/
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1729517
Notes