Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-38503

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

Related bugs and status

CVE-2021-38503 (Candidate) is related to these bugs:

Bug #1949605: Backport Thunderbird 91 to 20.04 LTS and 18.04 LTS

		In	Importance	Status
1949605	Backport Thunderbird 91 to 20.04 LTS and 18.04 LTS	thunderbird (Ubuntu)	Undecided	Fix Released
1949605	Backport Thunderbird 91 to 20.04 LTS and 18.04 LTS	thunderbird (Ubuntu Focal)	Undecided	Fix Released
1949605	Backport Thunderbird 91 to 20.04 LTS and 18.04 LTS	thunderbird (Ubuntu Hirsute)	Undecided	Fix Released
1949605	Backport Thunderbird 91 to 20.04 LTS and 18.04 LTS	thunderbird (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.mozil...
MISC: https://www.mozilla.or...
MISC: https://www.mozilla.or...
MISC: https://www.mozilla.or...
DEBIAN: DSA-5026
MLIST: [debian-lts-announce] ...
DEBIAN: DSA-5034
MLIST: [debian-lts-announce] ...
GENTOO: GLSA-202202-03
GENTOO: GLSA-202208-14