{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1285?format=json","vulnerability_id":"VCID-bnuz-8g1t-ybc2","summary":"The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame.","aliases":[{"alias":"CVE-2021-38503"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2182?format=json","purl":"pkg:alpm/archlinux/firefox@94.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@94.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/2179?format=json","purl":"pkg:alpm/archlinux/thunderbird@91.3.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@91.3.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/739?format=json","purl":"pkg:mozilla/Firefox@94.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@94.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/704?format=json","purl":"pkg:mozilla/Firefox%20ESR@91.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@91.3.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/2181?format=json","purl":"pkg:alpm/archlinux/firefox@93.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-473a-9b6z-bufs"},{"vulnerability":"VCID-54pu-nmum-guhs"},{"vulnerability":"VCID-7s6p-8cx2-bybs"},{"vulnerability":"VCID-bnuz-8g1t-ybc2"},{"vulnerability":"VCID-bsrv-bkzk-pfhh"},{"vulnerability":"VCID-d78u-x2t8-vkfg"},{"vulnerability":"VCID-unnb-hcmb-tqep"},{"vulnerability":"VCID-w3cg-uv84-q3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/firefox@93.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/2178?format=json","purl":"pkg:alpm/archlinux/thunderbird@91.2.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-473a-9b6z-bufs"},{"vulnerability":"VCID-54pu-nmum-guhs"},{"vulnerability":"VCID-7s6p-8cx2-bybs"},{"vulnerability":"VCID-bnuz-8g1t-ybc2"},{"vulnerability":"VCID-bsrv-bkzk-pfhh"},{"vulnerability":"VCID-d78u-x2t8-vkfg"},{"vulnerability":"VCID-unnb-hcmb-tqep"},{"vulnerability":"VCID-w3cg-uv84-q3g5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/thunderbird@91.2.1-1"}],"references":[{"reference_url":"https://security.archlinux.org/ASA-202111-2","reference_id":"ASA-202111-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-2"},{"reference_url":"https://security.archlinux.org/ASA-202111-3","reference_id":"ASA-202111-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202111-3"},{"reference_url":"https://security.archlinux.org/AVG-2511","reference_id":"AVG-2511","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2511"},{"reference_url":"https://security.archlinux.org/AVG-2518","reference_id":"AVG-2518","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2518"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48","reference_id":"mfsa2021-48","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-48"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49","reference_id":"mfsa2021-49","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50","reference_id":"mfsa2021-50","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-50"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bnuz-8g1t-ybc2"}