5.7 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
22.3%
When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
unsafe-inline