When receiving an HTML email that specified to load an iframe element from a remote location, a request to the remote document was sent. However, Thunderbird didn’t display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.
CWE-1021
CVE-2022-29911
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
CVE-2022-2965
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.
CVE-2022-28889
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
CVE-2022-28649
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
CVE-2022-28286
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8.