Process isolation bypass using "javascript:" URI links in cross-origin frames

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended frame, potentially enabling a sandbox escape. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.

N/A

N/A

Mozilla Firefox 安全漏洞

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 138之前版本存在安全漏洞，该漏洞源于对javascript: URI处理不当，可能导致沙箱逃逸。

N/A

N/A