A cross-origin iframe referencing an XSLT document would inherit the parent domain’s permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
[
{
"vendor": "Mozilla",
"product": "Thunderbird",
"versions": [
{
"version": "unspecified",
"lessThan": "102.2",
"status": "affected",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThan": "91.13",
"status": "affected",
"versionType": "custom"
}
]
},
{
"vendor": "Mozilla",
"product": "Firefox ESR",
"versions": [
{
"version": "unspecified",
"lessThan": "91.13",
"status": "affected",
"versionType": "custom"
},
{
"version": "unspecified",
"lessThan": "102.2",
"status": "affected",
"versionType": "custom"
}
]
},
{
"vendor": "Mozilla",
"product": "Firefox",
"versions": [
{
"version": "unspecified",
"lessThan": "104",
"status": "affected",
"versionType": "custom"
}
]
}
]