Mozilla Foundation Security Advisory 2020-28
Security Vulnerabilities fixed in Firefox 78.0.2
- Announced
- July 8, 2020
- Impact
- moderate
- Products
- Firefox
- Fixed in
-
- Firefox 78.0.2
#CVE-2020-15648: X-Frame-Options bypass using object or embed tags
- Reporter
- Frederik Braun
- Impact
- moderate
Description
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header.