An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 102.0 (excluding) |
Firefox_esr | Mozilla | * | 91.11 (excluding) |
Thunderbird | Mozilla | * | 91.11 (excluding) |