CVE-2024-0747
published 2024-01-23CVE-2024-0747: When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | firefox | < firefox 122.0-1 (sid) | firefox 122.0-1 (sid) |
| debian | firefox-esr | < firefox 122.0-1 (sid) | firefox 122.0-1 (sid) |
| debian | thunderbird | < firefox 122.0-1 (sid) | firefox 122.0-1 (sid) |
| mozilla | firefox | < 122.0 | 122.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 122.0.1+build1-0ubuntu0.20.04.1 | 122.0.1+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 122.0+build2-0ubuntu0.20.04.1 | 122.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= unspecified < 122 | 122 |
| mozilla | firefox_esr | < 115.7 | 115.7 |
| mozilla | firefox_esr | >= unspecified < 115.7 | 115.7 |
| mozilla | thunderbird | < 115.7 | 115.7 |
| mozilla | thunderbird | >= 0 < 1:115.7.0-1~deb11u1 | 1:115.7.0-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:115.7.0-1~deb12u1 | 1:115.7.0-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:115.7.0-1 | 1:115.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:115.7.0-1 | 1:115.7.0-1 |
| mozilla | thunderbird | >= 0 < 1:115.8.1+build1-0ubuntu0.20.04.1 | 1:115.8.1+build1-0ubuntu0.20.04.1 |
| mozilla | thunderbird | >= 0 < 1:115.8.1+build1-0ubuntu0.22.04.1 | 1:115.8.1+build1-0ubuntu0.22.04.1 |
| mozilla | thunderbird | >= unspecified < 115.7 | 115.7 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
osv6.5MEDIUM
OSV
thunderbird vulnerabilities
osv·2024-03-04·CVSS 6.5
CVE-2024-0741 [MEDIUM] thunderbird vulnerabilities
thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742,
CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
CVE-2024-0755, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550,
CVE-2024-1553, CVE-2024-1936)
Cornel Ionce discovered that Thunderbird did not properly manage memory when
opening the print preview dialog. An attacker could potentially exploit
this issue to cause a denial of service. (CVE-2024-0746)
Alfred Peters discovered th
OSV
firefox regressions
osv·2024-02-07·CVSS 6.5
CVE-2024-0741 [MEDIUM] firefox regressions
firefox regressions
USN-6610-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-0741,
CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747,
CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
CVE-2024-0754, CVE-2024-0755)
Cornel Ionce discovered that Firefox did not properly manage memory when
opening the print preview dialog. An attacker could potentially exploit
this issue to cause
OSV
firefox vulnerabilities
osv·2024-01-29·CVSS 6.5
CVE-2024-0741 [MEDIUM] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-0741,
CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747,
CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
CVE-2024-0754, CVE-2024-0755)
Cornel Ionce discovered that Firefox did not properly manage memory when
opening the print preview dialog. An attacker could potentially exploit
this issue to cause a denial of service. (CVE-2024-0746)
OSV
CVE-2024-0747: When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Securi
osv·2024-01-23·CVSS 6.5
CVE-2024-0747 [MEDIUM] CVE-2024-0747: When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Securi
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
GHSA
GHSA-jx5w-px6r-88w4: When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Securi
ghsa_unreviewed·2024-01-23
CVE-2024-0747 [MEDIUM] CWE-693 GHSA-jx5w-px6r-88w4: When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Securi
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu·2024-03-04·CVSS 6.5
CVE-2024-0747 [MEDIUM] Thunderbird vulnerabilities
Title: Thunderbird vulnerabilities
Summary: Several security issues were fixed in Thunderbird.
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, cross-site
tracing, or execute arbitrary code. (CVE-2024-0741, CVE-2024-0742,
CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
CVE-2024-0755, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550,
CVE-2024-1553, CVE-2024-1936)
Cornel Ionce discovered that Thunderbird did not properly manage memory when
opening the print preview dialog. An attacker could potentially exploit
this issue to cau
Ubuntu
Firefox regressions
vendor_ubuntu·2024-02-07·CVSS 6.5
[MEDIUM] Firefox regressions
Title: Firefox regressions
Summary: USN-6610-1 caused some minor regressions in Firefox.
USN-6610-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-0741,
CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747,
CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
CVE-2024-0754, CVE-2024-0755)
Cornel Ionce discovered that Firefox did not properly manage memory when
opening the print pre
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2024-01-29·CVSS 6.5
CVE-2024-0745 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Several security issues were fixed in Firefox.
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-0741,
CVE-2024-0742, CVE-2024-0743, CVE-2024-0744, CVE-2024-0745, CVE-2024-0747,
CVE-2024-0748, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753,
CVE-2024-0754, CVE-2024-0755)
Cornel Ionce discovered that Firefox did not properly manage memory when
opening the print preview dialog. An attacker could potentially exploit
this issue to cause a denial of service. (CVE-2024-0746)
Instructions: After a standard system update yo
Red Hat
Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
vendor_redhat·2024-01-23·CVSS 6.5
CVE-2024-0747 [MEDIUM] CWE-1021 Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
The Mozilla Foundation Security Advisory describes this flaw as:
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy.
Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.
Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope
Package: thunderbird (Red Hat Enterprise Lin
Debian
CVE-2024-0747: firefox - When a parent page loaded a child in an iframe with `unsafe-inline`, the parent ...
vendor_debian·2024·CVSS 6.5
CVE-2024-0747 [MEDIUM] CVE-2024-0747: firefox - When a parent page loaded a child in an iframe with `unsafe-inline`, the parent ...
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Scope: local
sid: resolved (fixed in 122.0-1)
Mozilla
Mozilla Foundation Security Advisory 2024-01: CVE-2024-0747
vendor_mozilla·CVSS 6.5
CVE-2024-0747 [MEDIUM] Mozilla Foundation Security Advisory 2024-01: CVE-2024-0747
Mozilla Foundation Security Advisory 2024-01
CVE: CVE-2024-0747
Product: Firefox
Impact: moderate
Fixed in: Firefox 122
Mozilla
Mozilla Foundation Security Advisory 2024-04: CVE-2024-0747
vendor_mozilla·CVSS 6.5
CVE-2024-0747 [MEDIUM] Mozilla Foundation Security Advisory 2024-04: CVE-2024-0747
Mozilla Foundation Security Advisory 2024-04
CVE: CVE-2024-0747
Product: Thunderbird
Impact: moderate
Fixed in: Thunderbird 115.7
Mozilla
Mozilla Foundation Security Advisory 2024-02: CVE-2024-0747
vendor_mozilla·CVSS 6.5
CVE-2024-0747 [MEDIUM] Mozilla Foundation Security Advisory 2024-02: CVE-2024-0747
Mozilla Foundation Security Advisory 2024-02
CVE: CVE-2024-0747
Product: Firefox ESR
Impact: moderate
Fixed in: Firefox ESR 115.7
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1764343https://lists.debian.org/debian-lts-announce/2024/01/msg00015.htmlhttps://lists.debian.org/debian-lts-announce/2024/01/msg00022.htmlhttps://www.mozilla.org/security/advisories/mfsa2024-01/https://www.mozilla.org/security/advisories/mfsa2024-02/https://www.mozilla.org/security/advisories/mfsa2024-04/https://bugzilla.mozilla.org/show_bug.cgi?id=1764343https://lists.debian.org/debian-lts-announce/2024/01/msg00015.htmlhttps://lists.debian.org/debian-lts-announce/2024/01/msg00022.htmlhttps://www.mozilla.org/security/advisories/mfsa2024-01/https://www.mozilla.org/security/advisories/mfsa2024-02/https://www.mozilla.org/security/advisories/mfsa2024-04/
2024-01-23
Published