CVE-2024-0747 Information

Description

When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1764343
https://www.mozilla.org/security/advisories/mfsa2024-01/
https://www.mozilla.org/security/advisories/mfsa2024-02/
https://www.mozilla.org/security/advisories/mfsa2024-04/
