THREATINT
PUBLISHED

CVE-2024-0747



Assigner: mozilla
Reserved: 2024-01-19
Published: 2024-01-23
Updated: 2024-10-18

Description

When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Product status

Any version before 122: affected

Any version before 115.7: affected

Any version before 115.7: affected

Credits

Seongil Wi

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1764343

https://www.mozilla.org/security/advisories/mfsa2024-01/

https://www.mozilla.org/security/advisories/mfsa2024-02/

https://www.mozilla.org/security/advisories/mfsa2024-04/

https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html

https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html

cve.org CVE-2024-0747

nvd.nist.gov CVE-2024-0747
