CVE-2019-17001
CVSS v3.1
6.1 (Medium)
CVSS v2.0
5.8 (Medium)
EPSS
0.07 % (33th)
Affected Products
1
Advisories
4
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related CVEs
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2020-01-08 22:15:11
(4 years ago) - Updated Date
-
2020-01-13 18:16:39
(4 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...