N/A

If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6.

N/A

N/A

Mozilla Firefox 权限许可和访问控制问题漏洞

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 中存在权限许可和访问控制问题漏洞，该漏洞源于产品中由文档创建的沙箱缺少有效的权限管理措施。攻击者可通过该漏洞绕过安全限制。

N/A

N/A