OVAL

Mozilla Products: XSLT stylesheets treated as styles in Content Security Policy - mfsa2014-07 (Mac OS X)

ID: oval:org.secpod.oval:def:16729
Date: (C)2014-02-10   (M)2024-02-19
Class: PATCH
Family: macos




Mozilla security engineer Frederik Braun reported an issue where the implementation of Content Security Policy (CSP) is not in compliance with the specification. XSLT stylesheets must be subject to script-src directives but Mozilla's implementation of CSP treats them as styles. This could lead to unexpected script execution if the style-src directives were less restrictive than those for scripts.

Platform:
Apple Mac OS 14
Apple Mac OS 13
Apple Mac OS 12
Apple Mac OS 11
Apple Mac OS X 10.15
Apple Mac OS X 10.14
Apple Mac OS X 10.13
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Product:
Mozilla SeaMonkey
Mozilla Firefox
Reference:
MFSA 2014-07
CVE-2014-1485
CVE    1
CVE-2014-1485
CPE    374
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:seamonkey:2.21:beta1
cpe:/a:mozilla:seamonkey:2.21:beta2
cpe:/a:mozilla:firefox:20.0.1
...

© SecPod Technologies