Mozilla Firefox CVE-2016-5262 Cross Site Scripting Vulnerability

description-logoDescription

Security researcher Nikita Arykov reported that JavaScript event handler attributes on a tag will execute inside a sandboxed iframe that does not have the allow-scripts flag set. This could result in a cross-site scripting (XSS) vulnerability in a site that depends on the iframe sandbox for sanitization and does no other content filtering.

affected-products-logoAffected Applications

Firefox

CVE References

CVE-2016-5262