cbcvebase.
CVE-2017-7803
published 2018-06-11

CVE-2017-7803: When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of…

high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Affected

25 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debiandebian_linux
debianfirefox< firefox 55.0-1 (sid)firefox 55.0-1 (sid)
debianfirefox-esr< firefox 55.0-1 (sid)firefox 55.0-1 (sid)
mozillafirefox< 52.3.052.3.0
mozillafirefox< 55.055.0
mozillafirefox>= 0 < 55.0.1+build2-0ubuntu0.14.04.255.0.1+build2-0ubuntu0.14.04.2
mozillafirefox>= 0 < 55.0.2+build1-0ubuntu0.14.04.155.0.2+build1-0ubuntu0.14.04.1
mozillafirefox>= 0 < 55.0.1+build2-0ubuntu0.16.04.255.0.1+build2-0ubuntu0.16.04.2
mozillafirefox>= 0 < 55.0.2+build1-0ubuntu0.16.04.155.0.2+build1-0ubuntu0.16.04.1
mozillafirefox>= unspecified < 5555
mozillafirefox_esr>= unspecified < 52.352.3
mozillathunderbird< 52.3.052.3.0
mozillathunderbird>= 0 < 1:52.3.0+build1-0ubuntu0.14.04.11:52.3.0+build1-0ubuntu0.14.04.1
mozillathunderbird>= 0 < 1:52.3.0+build1-0ubuntu0.16.04.11:52.3.0+build1-0ubuntu0.16.04.1
mozillathunderbird>= unspecified < 52.352.3
redhatenterprise_linux_desktop
redhatenterprise_linux_desktop
redhatenterprise_linux_server
redhatenterprise_linux_server
redhatenterprise_linux_server_aus
redhatenterprise_linux_server_eus
redhatenterprise_linux_server_eus
redhatenterprise_linux_workstation
redhatenterprise_linux_workstation

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv9.1CRITICAL