firefox is vulnerable to Protection Mechanism Failure. The vulnerability is due to a parent page loading a child in an iframe with unsafe-inline, allowing the parent Content Security Policy to override the child’s.
bugzilla.mozilla.org/show_bug.cgi?id=1764343
lists.debian.org/debian-lts-announce/2024/01/msg00015.html
lists.debian.org/debian-lts-announce/2024/01/msg00022.html
security-tracker.debian.org/tracker/CVE-2024-0747
www.mozilla.org/security/advisories/mfsa2024-01/
www.mozilla.org/security/advisories/mfsa2024-02/
www.mozilla.org/security/advisories/mfsa2024-04/