Not to be fixed
Created: Jan 23, 2024
Updated: Apr 8, 2024
Resolved Date: Apr 8, 2024
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Userspace
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CREATE(Triage):(User=admin) CVE-2024-0747 (https://nvd.nist.gov/vuln/detail/CVE-2024-0747)