Security Advisory

CVE-2024-0747

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published: 2024-01-23 13:48:16
Last updated: 2025-05-22 17:40:22
Assigner: mozilla
State: PUBLISHED

Description

When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.