Mozilla · Firefox ESR · CVE-2022-26384
**Name of the Vulnerable Software and Affected Versions**
Firefox versions prior to 98
Firefox ESR versions prior to 91.7
Thunderbird versions prior to 91.7
**Description**
The issue is a logic error in the handling of iframes. If an attacker could control the contents of an iframe sandboxed with `allow-popups` but not `allow-scripts`, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This could allow a remote attacker to bypass the security restrictions imposed by the sandbox.
**Recommendations**
For Firefox versions prior to 98, update to version 98 or later.
For Firefox ESR versions prior to 91.7, update to version 91.7 or later.
For Thunderbird versions prior to 91.7, update to version 91.7 or later.
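To find where this matters in your own pages, the following added example (not part of the original advisory) audits HTML for iframes whose `sandbox` attribute contains `allow-popups` but not `allow-scripts`, and checks a version string against the fixed versions listed above. The product keys, the function names and the sample markup are assumptions made for illustration, and only plain dotted numeric versions are handled.

```python
from html.parser import HTMLParser

# Fixed versions from the advisory; the product keys are hypothetical labels.
FIXED = {"firefox": (98,), "firefox-esr": (91, 7), "thunderbird": (91, 7)}


def is_affected(product, version):
    """True if a dotted numeric version is older than the fixed release."""
    return tuple(int(p) for p in version.split(".")) < FIXED[product]


class SandboxAudit(HTMLParser):
    """Collect iframes sandboxed with allow-popups but without allow-scripts."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        first = {}
        for name, value in attrs:
            first.setdefault(name, value)  # a duplicate attribute: first one wins
        if "sandbox" not in first:
            return  # not sandboxed at all, so outside this advisory's scope
        # Sandbox tokens are space-separated and ASCII case-insensitive;
        # a bare `sandbox` attribute (value None) grants nothing.
        tokens = set((first["sandbox"] or "").lower().split())
        if "allow-popups" in tokens and "allow-scripts" not in tokens:
            self.findings.append({"line": self.getpos()[0],
                                  "source": first.get("src") or "srcdoc",
                                  "tokens": sorted(tokens)})


def audit(html):
    parser = SandboxAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample markup; the hosts are placeholders.
SAMPLE = """<html><body>
<iframe src="https://ads.example/slot" sandbox="allow-popups allow-forms"></iframe>
<iframe src="https://widget.example/" sandbox="allow-scripts allow-popups"></iframe>
<iframe srcdoc="&lt;p&gt;user comment&lt;/p&gt;" sandbox="ALLOW-POPUPS"></iframe>
<iframe src="https://static.example/" sandbox></iframe>
<iframe src="https://legacy.example/"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Frames reported here rely on the script restriction that affected versions fail to enforce, so they are the ones to review while unpatched clients are still in use.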