2022-12-22 00:00:00
mozilla
PUBLISHED
When injecting an HTML base element, some requests would ignore the CSPs base-uri settings and accept the injected elements base instead. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105.