Redhat » Enterprise Linux Workstation : Security Vulnerabilities, CVEs, Published In June 2018 (XSS)
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4.
Max CVSS
5.4
EPSS Score
0.44%
Published
2018-06-11
Updated
2018-08-09
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
Max CVSS
6.1
EPSS Score
0.20%
Published
2018-06-11
Updated
2018-08-09
2 vulnerabilities found