Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
The product does not properly verify that the source of data or communication is valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 93.0 (excluding) |
Firefox_esr | Mozilla | * | 91.2 (excluding) |
Thunderbird | Mozilla | * | 91.2 (excluding) |