During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 105.0 | |
firefox_esr | lt | 102.3 | |
thunderbird | lt | 102.3 |