Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-7823  

The content security policy (CSP) sandbox directive in Thunderbird < 52.4 did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content.

Source
Severity Medium

Remote Yes

Type Cross-site scripting

Description 

The content security policy (CSP) sandbox directive in Thunderbird < 52.4  did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content.

AVG-441 thunderbird 52.3.0-2 52.4.0-1 Critical Fixed

12 Oct 2017 ASA-201710-19 AVG-441 thunderbird Critical multiple issues 

https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823
https://bugzilla.mozilla.org/show_bug.cgi?id=1396320

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started