Vulnerability CVE-2017-7808: Information
Description
A content security policy (CSP) "frame-ancestors" directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information. This vulnerability affects Firefox < 55.
Severity: MEDIUM (5.3) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Published: June 12, 2018
Modified: Aug. 9, 2018
Fixed packages
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://www.mozilla.org/security/advisories/mfsa2017-18/ |
|
https://bugzilla.mozilla.org/show_bug.cgi?id=1367531 |
|
1039124 |
|
100373 |
|