The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://8pecxstudios.com/?page_id=44080 - Broken Link, URL Repurposed |
Information
Published : 2014-02-06 05:44
Updated : 2024-02-28 12:20
NVD link : CVE-2014-1485
Mitre link : CVE-2014-1485
CVE.ORG link : CVE-2014-1485
JSON object : View
Products Affected
opensuse
- opensuse
oracle
- solaris
suse
- linux_enterprise_software_development_kit
- linux_enterprise_server
- linux_enterprise_desktop
mozilla
- firefox
- seamonkey
canonical
- ubuntu_linux
CWE