An attacker could have injected CSS into stylesheets accessible via internal URIs, such as resource:, and in doing so bypass a page’s Content Security Policy. This vulnerability affects Firefox ESR < 91.11, Thunderbird < 102, Thunderbird < 91.11, and Firefox < 101.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 101.0 | |
firefox_esr | lt | 91.11 | |
thunderbird | lt | 91.11 |