CVE-2017-7823
CVSS v3.0
5.4 (Medium)
CVSS v2.0
4.3 (Medium)
EPSS
0.32 % (71th)
Affected Products
9
Advisories
20
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2018-06-11 21:29:11
(6 years ago) - Updated Date
-
2018-08-09 16:24:17
(6 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...