CVE-2020-15653

Summary

An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 78.1affected
MozillaFirefoxunspecified < 79affected
MozillaThunderbirdunspecified < 78.1affected

Weaknesses

  • Bypassing iframe sandbox when allowing popups

ADP Enrichment

CVE Program Container

Additional References

References