Количество 7
Количество 7
CVE-2018-5175
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.
CVE-2018-5175
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.
CVE-2018-5175
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.
CVE-2018-5175
A mechanism to bypass Content Security Policy (CSP) protections on sit ...
GHSA-c5vx-c657-hmcm
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.
BDU:2019-03515
Уязвимость компонента Content Security Policy (CSP) браузера Firefox, позволяющая нарушителю осуществлять межсайтовые сценарные атаки
SUSE-SU-2019:2872-1
Security update for MozillaFirefox
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-5175 A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. | CVSS3: 6.1 | 1% Низкий | больше 7 лет назад |
 | CVE-2018-5175 A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. | CVSS3: 6.1 | 1% Низкий | больше 7 лет назад |
 | CVE-2018-5175 A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. | CVSS3: 6.1 | 1% Низкий | больше 7 лет назад |
| CVE-2018-5175 A mechanism to bypass Content Security Policy (CSP) protections on sit ... | CVSS3: 6.1 | 1% Низкий | больше 7 лет назад |
| GHSA-c5vx-c657-hmcm A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. | CVSS3: 6.1 | 1% Низкий | больше 3 лет назад |
 | BDU:2019-03515 Уязвимость компонента Content Security Policy (CSP) браузера Firefox, позволяющая нарушителю осуществлять межсайтовые сценарные атаки | CVSS3: 6.5 | 1% Низкий | больше 7 лет назад |
 | SUSE-SU-2019:2872-1 Security update for MozillaFirefox | больше 6 лет назад |
Уязвимостей на страницу