Event handlers on marquee elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Debian_linux | Debian | 9.0 (including) | 9.0 (including) |