CVE-2022-26384

CRITICAL Year: 2022
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-693
View all →

Vulnerability Description

If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.

Related Vulnerabilities

CVE-2022-22759

CRITICAL
CVSS:9.6(Critical)

If a document created a sandboxed iframe without <code>allow-scripts</code>, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler ...

CWE-6932022

CVE-2023-33150

CRITICAL
CVSS:9.6(Critical)

Microsoft Office Security Feature Bypass Vulnerability

CWE-6932023

CVE-2013-2465

CRITICAL
CVSS:9.8(Critical)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remot...

CWE-6932013

CVE-2017-3197

CRITICAL
CVSS:9.8(Critical)

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not ...

CWE-6932017

CVE-2017-8864

CRITICAL
CVSS:9.8(Critical)

Client-side enforcement using JavaScript of server-side security options on the Cohu 3960HD allows an attacker to manipulate options sent to the camera and cause malfunction or code execution, as demo...

CWE-6932017

CVE-2018-9311

CRITICAL
CVSS:9.8(Critical)

The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.

CWE-6932018