Red Hat Bugzilla – Bug 1479228
CVE-2017-7808 Mozilla: CSP information leak with frame-ancestors containing paths (MFSA 2017-18)
Last modified: 2017-08-24 03:36:59 EDT
A content security policy (CSP) with a directive containing origins with paths in frame-ancestors allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information.
Name: the Mozilla project
Upstream: Jun Kokatsu