Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
References
Link | Resource |
---|---|
https://www.mozilla.org/security/advisories/mfsa2020-28/ | Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2020-29/ | Vendor Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1644076 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-08-10 11:15
Updated : 2020-08-12 09:27
NVD link : CVE-2020-15648
Mitre link : CVE-2020-15648
JSON object : View
CWE
CWE-1021
Improper Restriction of Rendered UI Layers or Frames
Products Affected
mozilla
- firefox
- thunderbird