Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102.

Related CVEs

CVE-2022-34474

Key Information

GHSA ID

GHSA-v9f2-7gjf-86f5

Published

December 22, 2022 9:30 PM

Last Modified

April 15, 2025 9:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 12, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.