Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 78.0.2 | |
thunderbird | lt | 78.0 |