PT-2017-3392 · Mozilla+5 · Firefox Esr+7

Rhys Enniks

·

Published

2017-06-30

·

Updated

2024-12-12

·

CVE-2017-7803

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 52.3 Firefox ESR versions prior to 52.3 Firefox versions prior to 55
Description The issue is related to the incorrect application of the sandbox directive in the Content Security Policy (CSP) mechanism. This can allow a remote attacker to gain unauthorized access to protected information. The vulnerability is caused by the ignoring of other directives when a sandbox directive is present in a page's CSP header, resulting in the incorrect enforcement of CSP.
Recommendations For Thunderbird versions prior to 52.3, update to version 52.3 or later. For Firefox ESR versions prior to 52.3, update to version 52.3 or later. For Firefox versions prior to 55, update to version 55 or later.

Exploit

Fix

Incorrect Authorization

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-269

Related Identifiers

ALT-PU-2017-2019
ALT-PU-2017-2060
ALT-PU-2017-2093
ALT-PU-2018-1854
BDU:2018-00175
CESA-2017_2456
CESA-2017_2534
CVE-2017-7803
DLA-1053-1
DLA-1087-1
DSA-3928-1
DSA-3928-2
DSA-3968-1
MGASA-2017-0268
MGASA-2017-0303
MGASA-2018-0018
OPENSUSE-SU-2017:2209-1
OPENSUSE-SU-2017_2151-1
OPENSUSE-SU-2017_2209-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2017:2456
RHSA-2017:2534
RHSA-2017_2456
RHSA-2017_2534
SUSE-SU-2017:2302-1
SUSE-SU-2017:2589-1
USN-3391-1
USN-3391-2
USN-3391-3
USN-3416-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu