2025-05-27 12:29:29
mozilla
PUBLISHED
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox < 139 and Thunderbird < 139.