We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | mozilla |
Reserved | 2024-01-19 |
Published | 2024-01-23 |
Updated | 2024-10-18 |
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Seongil Wi
https://bugzilla.mozilla.org/show_bug.cgi?id=1764343
https://www.mozilla.org/security/advisories/mfsa2024-01/
https://www.mozilla.org/security/advisories/mfsa2024-02/
https://www.mozilla.org/security/advisories/mfsa2024-04/
https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html