1
PublicDateAtUSN: 2017-08-10
2
Candidate: CVE-2017-7788
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7788
6
https://usn.ubuntu.com/usn/usn-3391-1
8
When an "iframe" has a "sandbox" attribute and its content is specified
9
using "srcdoc", that content does not inherit the containing page's Content
10
Security Policy (CSP) as it should unless the sandbox attribute included
11
"allow-same-origin". This vulnerability affects Firefox < 55.
14
tyhicks> mozjs38 contains a copy of the SpiderMonkey JavaScript engine
18
Assigned-to: chrisccoulson
21
upstream_firefox: released (55.0)
22
precise/esm_firefox: DNE
23
trusty_firefox: released (55.0.1+build2-0ubuntu0.14.04.2)
24
vivid/ubuntu-core_firefox: DNE
25
xenial_firefox: released (55.0.1+build2-0ubuntu0.16.04.2)
26
zesty_firefox: released (55.0.1+build2-0ubuntu0.17.04.2)
27
artful_firefox: released (55.0.2+build1-0ubuntu4)
28
bionic_firefox: released (55.0.2+build1-0ubuntu4)
29
devel_firefox: released (55.0.2+build1-0ubuntu4)
32
upstream_mozjs38: needs-triage
33
precise/esm_mozjs38: DNE
35
vivid/ubuntu-core_mozjs38: DNE
37
zesty_mozjs38: ignored (reached end-of-life)
38
artful_mozjs38: needs-triage
39
bionic_mozjs38: needs-triage
40
devel_mozjs38: needs-triage