CVE-2017-7788

Description

When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox < 55.

References

https://www.mozilla.org/security/advisories/mfsa2017-18/

http://www.securitytracker.com/id/1039124

http://www.securityfocus.com/bid/100379

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3