Security Advisory

CVE-2019-17001

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-08 21:41:25

Last updated 2024-08-05 01:24:48

Assigner mozilla

State PUBLISHED

Description

A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70.

← Browse all CVEs View on cve.org ↗