Home

CVE-2017-7823

Description

The content security policy (CSP) sandbox directive did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.

Risk Information

Base Score
5.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.416

Associated Vulnerability

VulnerabilityOS Platform
Update for Mozilla Firefox ESR (52.4.0)Windows
Update for Mozilla Firefox ESR x64 (52.4.0)Windows
Update for Mozilla Firefox (56.0)Windows
Update for Mozilla Firefox x64 (56.0)Windows
Update for Mozilla Thunderbird (52.4.0)Windows
Update for Mozilla Firefox (56.0.1)Windows
Update for Mozilla Firefox x64 (56.0.1)Windows
Update for Mozilla Firefox ESR (52.4.1)Windows
Update for Mozilla Firefox ESR x64 (52.4.1)Windows
Update for Mozilla Firefox (56.0.2)Windows
Update for Mozilla Firefox x64 (56.0.2)Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0.1)Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (56.0.2)Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 52.3.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 52.3.0Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 55.0.3Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 52.3.0Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 52.4Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-306451Update for Mozilla Firefox ESR (52.4.0)
PATCH-306454Update for Mozilla Firefox (56.0)
PATCH-306455Update for Mozilla Firefox x64 (56.0)
PATCH-306497Update for Mozilla Firefox (56.0.1)
PATCH-306498Update for Mozilla Firefox x64 (56.0.1)
PATCH-306503Update for Mozilla Firefox ESR (52.4.1)
PATCH-306578Update for Mozilla Firefox (56.0.2)
PATCH-306579Update for Mozilla Firefox x64 (56.0.2)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234