Rhys Enniks

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.3 Firefox ESR versions prior to 52.3 Firefox versions prior to 55 **Description** The issue is related to the incorrect application of the `sandbox` directive in the Content Security Policy (CSP) mechanism. This can allow a remote attacker to gain unauthorized access to protected information. The vulnerability is caused by the ignoring of other directives when a `sandbox` directive is present in a page's CSP header, resulting in the incorrect enforcement of CSP. **Recommendations** For Thunderbird versions prior to 52.3, update to version 52.3 or later. For Firefox ESR versions prior to 52.3, update to version 52.3 or later. For Firefox versions prior to 55, update to version 55 or later.