When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-3720-1 | thunderbird security update |
![]() |
DLA-3727-1 | firefox-esr security update |
![]() |
DSA-5605-1 | thunderbird security update |
![]() |
DSA-5606-1 | firefox-esr security update |
![]() |
EUVD-2024-16536 | When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. |
![]() |
USN-6610-1 | Firefox vulnerabilities |
![]() |
USN-6669-1 | Thunderbird vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 22 May 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-693 |
Fri, 18 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: mozilla
Published:
Updated: 2025-05-22T17:40:22.592Z
Reserved: 2024-01-19T16:52:25.524Z
Link: CVE-2024-0747

Updated: 2024-08-01T18:18:17.903Z

Status : Modified
Published: 2024-01-23T14:15:38.463
Modified: 2025-05-22T18:15:34.830
Link: CVE-2024-0747


No data.