MEDIUM6.5
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:NCVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NReferences
- https://bugzilla.mozilla.org/show_bug.cgi?id=1644076
- https://www.mozilla.org/security/advisories/mfsa2020-28/
- https://www.mozilla.org/security/advisories/mfsa2020-29/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1644076
- https://www.mozilla.org/security/advisories/mfsa2020-28/
- https://www.mozilla.org/security/advisories/mfsa2020-29/