CVE-2017-7803 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2017-7803?

CVE-2017-7803 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-7803?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus, Redhat Enterprise Linux Workstation.

Vulnerability Description

When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	7.4
Redhat	Enterprise Linux Server Eus	7.4
Redhat	Enterprise Linux Workstation	6.0
Debian	Debian Linux	8.0
Mozilla	Firefox	< 52.3.0
Mozilla	Thunderbird	< 52.3.0

Related Weaknesses (CWE)

CWE-269

References

http://www.securityfocus.com/bid/100234Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039124Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2456Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2534Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1377426ExploitIssue TrackingPatch
https://security.gentoo.org/glsa/201803-14Third Party Advisory
https://www.debian.org/security/2017/dsa-3928Third Party Advisory
https://www.debian.org/security/2017/dsa-3968Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2017-18/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-19/Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2017-20/Vendor Advisory
http://www.securityfocus.com/bid/100234Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039124Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2017:2456Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2534Third Party Advisory

FAQ

What is CVE-2017-7803?

CVE-2017-7803 is a vulnerability with a CVSS score of 7.5 (HIGH). When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbir...

How severe is CVE-2017-7803?

CVE-2017-7803 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-7803?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus, Redhat Enterprise Linux Workstation.