AI Score
Confidence
High
EPSS
Percentile
16.0%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
total
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.
[
{
"cpes": [
"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"
],
"vendor": "mozilla",
"product": "firefox",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "128",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]