Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2022-26384

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Vendors

  • Mozilla

Products

  • Firefox,
  • Firefox ESR,
  • Thunderbird

Additional Info

Technical Analysis