Vulnerability identifier: #VU32901
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to application does not properly impose security restrictions, when allowing popups. A remote attacker can create a specially crafted web page with
noopener links that may allow an attacker to bypass iframe sandbox for websites relying on sandbox configurations, if
allow-popups flag is set.
Install updates from vendor's website.
Vulnerable software versions
Mozilla Firefox: 70.0 - 78.0.2
Firefox ESR: 78.0 - 78.0.2
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?