CVE-2021-4140

Reference Links

• https://bugzilla.mozilla.org/show_bug.cgi?id=1746720
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/
• https://www.mozilla.org/security/advisories/mfsa2022-01/
• https://www.mozilla.org/security/advisories/mfsa2022-02/
• https://www.mozilla.org/security/advisories/mfsa2022-03/

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2022-02
• MFSA2022-03
• MFSA2022-01

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2022-22746
• CVE-2022-22743
• CVE-2022-22742
• CVE-2022-22741
• CVE-2022-22740
• CVE-2022-22738
• CVE-2022-22737
• CVE-2021-4140
• CVE-2022-22748
• CVE-2022-22745
• CVE-2022-22744
• CVE-2022-22747
• CVE-2022-22739
• CVE-2022-22751
• CVE-2022-22750
• CVE-2022-22749
• CVE-2022-22763
• CVE-2022-22736
• CVE-2022-22752

Frequently Asked Questions

• What is the vulnerability ID of this issue?

  The vulnerability ID of this issue is CVE-2021-4140.

• What is the severity of CVE-2021-4140?

  The severity of CVE-2021-4140 is critical.

• Which software versions are affected by CVE-2021-4140?

  CVE-2021-4140 affects Firefox ESR versions before 91.5, Firefox versions before 96, and Thunderbird versions before 91.5.

• How can an attacker exploit CVE-2021-4140?

  An attacker can exploit CVE-2021-4140 by constructing specific XSLT markup to bypass an iframe sandbox.

• Where can I find more information about CVE-2021-4140?

  You can find more information about CVE-2021-4140 in the following references: [Mozilla Bugzilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1746720), [Mozilla Security Advisory MFSA2022-03](https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/), [Mozilla Security Advisory MFSA2022-01](https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/).