Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2017-7803

Published: 11/06/2018 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Enterprise Linux Workstation

Vulnerability Summary

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat enterprise linux workstation 7.0

redhat enterprise linux server aus 7.4

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.5

redhat enterprise linux server 6.0

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server 7.0

redhat enterprise linux desktop 7.0

debian debian linux 8.0

debian debian linux 9.0

mozilla firefox esr

mozilla thunderbird

mozilla firefox

Vendor Advisories

Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Ubuntu Security Notice: firefox regression
USN-3391-1 introduced a regression in Firefox ...
Ubuntu Security Notice: ubufox update
This update provides compatible packages for Firefox 55 ...
Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Debian Security Advisories: DSA-3968-1 icedove -- security update
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service For the oldstable distribution (jessie), these problems have been fixed in version 5230-4~deb8u2 For the stable distribution (stretch), these problems have been fixed in version 5230-4~deb9u1 We recommend that you u ...
Debian Security Advisories: DSA-3928-1 firefox-esr -- security update
Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service, bypass of the same-origin policy or incorrect enforcement of CSP For the oldstable distribution (jessie), these ...
Red Hat: CVE-2017-7803
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored This results in the incorrect enforcement of CSP This vulnerability affects Thunderbird &lt; 523, Firefox ESR &lt; 523, and Firefox &lt; 55 ...
Arch Linux Issues:
A security issue has been found in firefox &lt; 550 and thunderbird &lt; 523 When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored This results in the incorrect enforcement of CSP ...
Mozilla: Security vulnerabilities fixed in Firefox ESR 52.3
Mozilla Foundation Security Advisory 2017-19 Security vulnerabilities fixed in Firefox ESR 523 Announced August 8, 2017 Impact critical Products Firefox ESR Fixed in Firefox ESR 523 ...
Mozilla: Security vulnerabilities fixed in Firefox 55
Mozilla Foundation Security Advisory 2017-18 Security vulnerabilities fixed in Firefox 55 Announced August 8, 2017 Impact critical Products Firefox Fixed in Firefox 55 ...
Mozilla: Security vulnerabilities fixed in Thunderbird 52.3
Mozilla Foundation Security Advisory 2017-20 Security vulnerabilities fixed in Thunderbird 523 Announced August 18, 2017 Impact critical Products Thunderbird Fixed in Thunderbird 523 ...

References

CWE-269https://www.mozilla.org/security/advisories/mfsa2017-20/https://www.mozilla.org/security/advisories/mfsa2017-19/https://www.mozilla.org/security/advisories/mfsa2017-18/https://bugzilla.mozilla.org/show_bug.cgi?id=1377426https://www.debian.org/security/2017/dsa-3968https://www.debian.org/security/2017/dsa-3928https://security.gentoo.org/glsa/201803-14https://access.redhat.com/errata/RHSA-2017:2534https://access.redhat.com/errata/RHSA-2017:2456http://www.securitytracker.com/id/1039124http://www.securityfocus.com/bid/100234https://nvd.nist.govhttps://usn.ubuntu.com/3416-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook