CVE-2017-7803

Summary

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 52.3affected
MozillaFirefox ESRunspecified < 52.3affected
MozillaFirefoxunspecified < 55affected

Weaknesses

  • CSP containing 'sandbox' improperly applied

ADP Enrichment

CVE Program Container

Additional References

References