When an https: web page created a pop-up from a ...
Moderate severity
Unreviewed
Published
Nov 21, 2023
to the GitHub Advisory Database
•
Updated Jan 16, 2024
Description
Published by the National Vulnerability Database
Nov 21, 2023
Published to the GitHub Advisory Database
Nov 21, 2023
Last updated
Jan 16, 2024
When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox < 120.
References