Inheritance of Top-Level Permissions in Cross-Origin Browsing Contexts

Inheritance of Top-Level Permissions in Cross-Origin Browsing Contexts

CVE-2022-29909 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.

Learn more about our Web Application Penetration Testing UK.