When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
                
Advisories
| Source | ID | Title |
|---|---|---|
| Debian DLA | DLA-3720-1 | thunderbird security update |
| Debian DLA | DLA-3727-1 | firefox-esr security update |
| Debian DSA | DSA-5605-1 | thunderbird security update |
| Debian DSA | DSA-5606-1 | firefox-esr security update |
| EUVD | EUVD-2024-16536 | When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. |
| Ubuntu USN | USN-6610-1 | Firefox vulnerabilities |
| Ubuntu USN | USN-6669-1 | Thunderbird vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
History
Thu, 22 May 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-693 |
Fri, 18 Oct 2024 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc |
MITRE
Status: PUBLISHED
Assigner: mozilla
Published:
Updated: 2025-05-22T17:40:22.592Z
Reserved: 2024-01-19T16:52:25.524Z
Link: CVE-2024-0747
Vulnrichment
Updated: 2024-08-01T18:18:17.903Z
NVD
Status: Modified
Published: 2024-01-23T14:15:38.463
Modified: 2025-05-22T18:15:34.830
Link: CVE-2024-0747
OpenCVE Enrichment
No data.