During iframe navigation, certain pages did not have...
Moderate severity
Unreviewed
Published
Dec 22, 2022
to the GitHub Advisory Database
•
Updated Jan 28, 2023
Description
Published by the National Vulnerability Database
Dec 22, 2022
Published to the GitHub Advisory Database
Dec 22, 2022
Last updated
Jan 28, 2023
During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
References