N/A

Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18.

N/A

N/A

Mozilla Firefox 安全漏洞

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 133之前版本存在安全漏洞，该漏洞源于允许用户接触到伪装成合法内容的恶意框架。

N/A

N/A