CVE-2022-26384 log

Source
Severity High
Remote Yes
Type Unknown
Description
If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.
Group Package Affected Fixed Severity Status Ticket
AVG-2714 firefox 97.0.2-1 98.0-1 High Fixed
AVG-2713 thunderbird 91.6.2-1 91.7.0-1 High Fixed
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1744352