Security bypass vulnerability in Content Security Policy in Mozilla Firefox - CVE-2019-17020 (MacOS X)ID: oval:org.secpod.oval:def:60463 | Date: (C)2020-01-08 (M)2023-11-19 |
Class: VULNERABILITY | Family: macos |
Mozilla Firefox 72 : If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.9 |
Apple Mac OS X 10.10 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.15 |