If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=1388015 | Issue Tracking Permissions Required Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2019-25/ | Vendor Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1388015 | Issue Tracking Permissions Required Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2019-25/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 04:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=1388015 - Issue Tracking, Permissions Required, Vendor Advisory | |
References | () https://www.mozilla.org/security/advisories/mfsa2019-25/ - Vendor Advisory |
Information
Published : 2019-09-27 18:15
Updated : 2024-11-21 04:21
NVD link : CVE-2019-11737
Mitre link : CVE-2019-11737
CVE.ORG link : CVE-2019-11737
JSON object : View
Products Affected
mozilla
- firefox
CWE
CWE-345
Insufficient Verification of Data Authenticity