When a pages content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Enterprise_linux_desktop | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_desktop | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_server | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_server | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux_server_aus | Redhat | 7.4 (including) | 7.4 (including) |
| Enterprise_linux_server_eus | Redhat | 7.4 (including) | 7.4 (including) |
| Enterprise_linux_server_eus | Redhat | 7.5 (including) | 7.5 (including) |
| Enterprise_linux_workstation | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux_workstation | Redhat | 7.0 (including) | 7.0 (including) |