Mozilla · Firefox ESR · CVE-2016-5262
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 48.0
Firefox ESR versions prior to 45.3
**Description**
Affected versions process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value. This allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
**Recommendations**
For Mozilla Firefox versions prior to 48.0, update to version 48.0 or later.
For Firefox ESR versions prior to 45.3, update to version 45.3 or later.
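A fleet-inventory check against the fixed versions above, as an added example that is not part of the original advisory. It assumes version strings in the usual Firefox form, with ESR builds carrying an `esr` suffix (for example `45.2.0esr`); the hostnames and sample inventory are constructed.

```python
import re

# Fixed versions taken from the advisory text.
FIXED_RELEASE = (48, 0)
FIXED_ESR = (45, 3)

# Assumed format: MAJOR.MINOR[.PATCH] with an optional "esr" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(esr)?$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr) or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    major, minor, patch, esr = m.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def is_affected(text):
    """True if the version predates the fix for its channel."""
    version, is_esr = parse_version(text)
    # A string without the suffix is judged against the release threshold,
    # so an ESR build reported without "esr" errs toward "affected".
    fixed = FIXED_ESR if is_esr else FIXED_RELEASE
    return version[:2] < fixed


def triage(inventory):
    """Map host -> 'affected' | 'fixed' | 'unknown' for an inventory dict."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            # Pre-release or malformed strings need a manual look, not a guess.
            result[host] = "unknown"
    return result


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = {
    "ws-01": "47.0.1", "ws-02": "48.0",
    "ws-03": "45.2.0esr", "ws-04": "45.3.0esr",
    "ws-05": "38.8.0esr", "ws-06": "49.0a1",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, SAMPLE[host], status)
```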