When a pages content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_linux_desktop | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_desktop | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_server | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_server | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_server_aus | Redhat | 7.4 (including) | 7.4 (including) |
| Enterprise_linux_server_eus | Redhat | 7.4 (including) | 7.4 (including) |
| Enterprise_linux_server_eus | Redhat | 7.5 (including) | 7.5 (including) |
| Enterprise_linux_workstation | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_workstation | Redhat | 7.0 (including) | 7.0 (including) |
| Red Hat Enterprise Linux 6 | RedHat | firefox-0:52.3.0-3.el6_9 | * |
| Red Hat Enterprise Linux 6 | RedHat | thunderbird-0:52.3.0-1.el6_9 | * |
| Red Hat Enterprise Linux 7 | RedHat | firefox-0:52.3.0-2.el7_4 | * |
| Red Hat Enterprise Linux 7 | RedHat | thunderbird-0:52.3.0-1.el7_4 | * |
| Firefox | Ubuntu | artful | * |
| Firefox | Ubuntu | bionic | * |
| Firefox | Ubuntu | cosmic | * |
| Firefox | Ubuntu | devel | * |
| Firefox | Ubuntu | disco | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | xenial | * |
| Firefox | Ubuntu | zesty | * |
| Mozjs38 | Ubuntu | artful | * |
| Mozjs38 | Ubuntu | zesty | * |
| Thunderbird | Ubuntu | artful | * |
| Thunderbird | Ubuntu | bionic | * |
| Thunderbird | Ubuntu | cosmic | * |
| Thunderbird | Ubuntu | devel | * |
| Thunderbird | Ubuntu | disco | * |
| Thunderbird | Ubuntu | trusty | * |
| Thunderbird | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | xenial | * |
| Thunderbird | Ubuntu | zesty | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html
References
- http://www.securityfocus.com/bid/100234
- http://www.securitytracker.com/id/1039124
- https://access.redhat.com/errata/RHSA-2017:2456
- https://access.redhat.com/errata/RHSA-2017:2534
- https://bugzilla.mozilla.org/show_bug.cgi?id=1377426
- https://security.gentoo.org/glsa/201803-14
- https://www.debian.org/security/2017/dsa-3928
- https://www.debian.org/security/2017/dsa-3968
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-20/
- http://www.securityfocus.com/bid/100234
- http://www.securitytracker.com/id/1039124
- https://access.redhat.com/errata/RHSA-2017:2456
- https://access.redhat.com/errata/RHSA-2017:2534
- https://bugzilla.mozilla.org/show_bug.cgi?id=1377426
- https://security.gentoo.org/glsa/201803-14
- https://www.debian.org/security/2017/dsa-3928
- https://www.debian.org/security/2017/dsa-3968
- https://www.mozilla.org/security/advisories/mfsa2017-18/
- https://www.mozilla.org/security/advisories/mfsa2017-19/
- https://www.mozilla.org/security/advisories/mfsa2017-20/