CVE-2019-17000
CVSS v3.1
6.1 (Medium)
CVSS v2.0
5.8 (Medium)
EPSS
0.07 % (33th)
Affected Products
1
Advisories
4
An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox < 70.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related CVEs
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2020-01-08 21:15:10
(4 years ago) - Updated Date
-
2020-01-13 18:15:44
(4 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...