Lucene search
PRIOn knowledge basePRION:CVE-2024-0747HistoryJan 23, 2024 - 2:15 p.m.
Design/Logic Flaw
2024-01-2314:15:00
PRIOn knowledge base
www.prio-n.com
13
design flaw
logic flaw
content security policy
iframe
firefox
thunderbird
vulnerability
When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 10.0 | |
| firefox | lt | 122.0 | |
| firefox_esr | lt | 115.7 | |
| thunderbird | lt | 115.7 |
References
bugzilla.mozilla.org/show_bug.cgi?id=1764343
lists.debian.org/debian-lts-announce/2024/01/msg00015.html
lists.debian.org/debian-lts-announce/2024/01/msg00022.html
www.mozilla.org/security/advisories/mfsa2024-01/
www.mozilla.org/security/advisories/mfsa2024-02/
www.mozilla.org/security/advisories/mfsa2024-04/
Related
alpinelinux
alpinelinux
CVE-2024-0747
2024-01-23 14:15:38
cve
cve
CVE-2024-0747
2024-01-23 14:15:38
veracode
veracode
Protection Mechanism Failure
2024-02-03 03:03:59
debiancve
debiancve
CVE-2024-0747
2024-01-23 14:15:38
ubuntucve
ubuntucve
CVE-2024-0747
2024-01-23 00:00:00
cvelist
cvelist
CVE-2024-0747
2024-01-23 13:48:16
cnvd
cnvd
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2024-10434)
2024-01-26 00:00:00
redhatcve
redhatcve
CVE-2024-0747
2024-01-25 17:21:17
nvd
nvd
CVE-2024-0747
2024-01-23 14:15:38
nessus
nessus
Mozilla Firefox ESR < 115.7
2024-01-23 00:00:00
Mozilla Firefox ESR < 115.7
2024-01-23 00:00:00
openvas
openvas
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.7 — Mozilla
2024-01-23 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.7 — Mozilla
2024-01-23 00:00:00
Security Vulnerabilities fixed in Firefox 122 — Mozilla
2024-01-23 00:00:00
slackware
slackware
[slackware-security] mozilla-firefox
2024-01-23 20:15:17
[slackware-security] mozilla-thunderbird
2024-01-24 05:03:37
redhat
redhat
(RHSA-2024:0559) Important: firefox security update
2024-01-30 10:45:00
(RHSA-2024:0619) Important: thunderbird security update
2024-01-30 15:26:00
(RHSA-2024:0618) Important: firefox security update
2024-01-30 15:25:59
oraclelinux
oraclelinux
thunderbird security update
2024-01-30 00:00:00
firefox security update
2024-01-30 00:00:00
firefox security update
2024-01-30 00:00:00
osv
osv
firefox-esr - security update
2024-01-31 00:00:00
Important: firefox security update
2024-01-30 00:00:00
thunderbird - security update
2024-01-24 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerabilities
2024-02-04 05:49:27
Updated nss and firefox packages fix some security vulnerabilities
2024-02-04 05:49:27
rocky
rocky
thunderbird security update
2024-02-12 20:17:26
firefox security update
2024-02-12 20:17:26
kaspersky
kaspersky
KLA63225 Multiple vulnerabilities in Mozilla Thunderbird
2024-01-23 00:00:00
KLA63224 Multiple vulnerabilities in Mozilla Firefox ESR
2024-01-23 00:00:00
KLA63223 Multiple vulnerabilities in Mozilla Firefox
2024-01-23 00:00:00
debian
debian
[SECURITY] [DSA 5605-1] thunderbird security update
2024-01-24 18:53:24
[SECURITY] [DSA 5606-1] firefox-esr security update
2024-01-24 19:18:38
[SECURITY] [DLA 3727-1] firefox-esr security update
2024-01-31 15:16:20
almalinux
almalinux
Important: thunderbird security update
2024-01-30 00:00:00
Important: firefox security update
2024-01-30 00:00:00
Important: thunderbird security update
2024-01-30 00:00:00
centos
centos
firefox, thunderbird security update
2024-02-05 19:24:42
amazon
amazon
Medium: thunderbird
2024-02-01 19:57:00
ubuntu
ubuntu
Firefox vulnerabilities
2024-01-29 00:00:00
Firefox regressions
2024-02-07 00:00:00
Thunderbird vulnerabilities
2024-03-04 00:00:00
gentoo
gentoo
Mozilla Firefox: Multiple Vulnerabilities
2024-02-19 00:00:00
Mozilla Thunderbird: Multiple Vulnerabilities
2024-02-19 00:00:00