A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.
A security issue has been found in Firefox before version 95 and Thunderbird before version 91.4.0. Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content.
https://www.mozilla.org/security/advisories/mfsa2021-52/ https://www.mozilla.org/security/advisories/mfsa2021-54/ https://bugzilla.mozilla.org/show_bug.cgi?id=1738418