Note:
This project will be discontinued after December 13, 2021. [more]
2020-08-10
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
Products | Firefox, Thunderbird |
Type | Improper Restriction of Rendered UI Layers or Frames (CWE-1021) |
First patch | - None (likely due to unavailable code) |
Links |
• https://www.mozilla.org/security/advisories/mfsa2020-28/
• https://bugzilla.mozilla.org/show_bug.cgi?id=1644076 • https://www.mozilla.org/security/advisories/mfsa2020-29/ |