CVE-2020-15648 (NVD)

2020-08-10

Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.

Products Firefox, Thunderbird
Type Improper Restriction of Rendered UI Layers or Frames (CWE-1021)
First patch - None (likely due to unavailable code)
Links https://www.mozilla.org/security/advisories/mfsa2020-28/
https://bugzilla.mozilla.org/show_bug.cgi?id=1644076
https://www.mozilla.org/security/advisories/mfsa2020-29/