Firefox, Thunderbird - (bulletinoct2017)
ID: oval:org.secpod.oval:def:2101470 | Date: (C)2020-01-14 (M)2022-01-13 | Class: PATCH | Family: unix
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Product:
web/data/firefox-bookmarks
web/browser/firefox
web/browser/firefox/plugin/firefox-java
mail/thunderbird
mail/thunderbird/plugin/thunderbird-lightning