Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-38503 - log back

CVE-2021-38503 edited at 03 Nov 2021 16:42:39

Description

-	The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
+	A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.

References

	https://www.mozilla.org/security/advisories/mfsa2021-48/
+	https://www.mozilla.org/security/advisories/mfsa2021-50/
	https://bugzilla.mozilla.org/show_bug.cgi?id=1729517

CVE-2021-38503 created at 02 Nov 2021 13:16:47

Severity

+

High

Remote

+

Remote

Type

+	Sandbox escape

Description

+	The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.

References

+	https://www.mozilla.org/security/advisories/mfsa2021-48/
+	https://bugzilla.mozilla.org/show_bug.cgi?id=1729517

Notes