CVE-2017-7808

Summary

A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 55affected

Weaknesses

  • CSP information leak with frame-ancestors containing paths

ADP Enrichment

CVE Program Container

Additional References

References