Описание
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| lucid | ignored | end of life |
| precise | released | 27.0+build1-0ubuntu0.12.04.1 |
| quantal | released | 27.0+build1-0ubuntu0.12.10.1 |
| saucy | released | 27.0+build1-0ubuntu0.13.10.1 |
| upstream | released | 27.0 |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
The Content Security Policy (CSP) implementation in Mozilla Firefox be ...
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
Уязвимость в программном продукте Mozilla SeaMonkey, позволяющая злоумышленнику выполнить произвольный код
EPSS
7.5 High
CVSS2