VDB
DEBIAN-CVE-2017-7823
DEBIAN-CVE-2017-7823
PUBLISHED
CVSS 5.400000095367432 MEDIUM
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Risk Scores
CVSS v3.0
5.400000095367432
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | firefox-esr | 0, 0, 0 |
| Debian:14 | firefox-esr | 0, 0, 0 |
| Debian:13 | thunderbird | 0, 0, 0 |
| Debian:11 | firefox-esr | 0, 0, 0 |
| Debian:12 | thunderbird | 0, 0, 0 |
| Debian:13 | firefox-esr | 0, 0, 0 |
| Debian:11 | thunderbird | 0, 0, 0 |
| Debian:14 | thunderbird | 0, 0, 0 |
Timeline
- Jun 11, 2018 CVE Published
- Apr 28, 2026 CVE Updated