vulnerability
Oracle Linux: CVE-2021-38503: ELSA-2021-4116: firefox security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Nov 2, 2021 | Nov 4, 2021 | Dec 3, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Nov 2, 2021
Added
Nov 4, 2021
Modified
Dec 3, 2025
Description
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
The Mozilla Foundation Security Advisory describes this flaw as:
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
The Mozilla Foundation Security Advisory describes this flaw as:
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.
Solutions
oracle-linux-upgrade-firefoxoracle-linux-upgrade-thunderbird
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.