First published: Tue May 05 2020(Updated: )
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <76 | 76 |
Mozilla Firefox | <76.0 | |
ubuntu/firefox | <76.0+ | 76.0+ |
ubuntu/firefox | <76.0+ | 76.0+ |
ubuntu/firefox | <76.0+ | 76.0+ |
ubuntu/firefox | <76.0+ | 76.0+ |
ubuntu/firefox | <76.0+ | 76.0+ |
ubuntu/firefox | <76.0+ | 76.0+ |
ubuntu/firefox | <76.0+ | 76.0+ |
ubuntu/firefox | <76.0+ | 76.0+ |
ubuntu/firefox | <76.0+ | 76.0+ |
ubuntu/firefox | <76.0+ | 76.0+ |
ubuntu/firefox | <76.0+ | 76.0+ |
ubuntu/firefox | <76.0 | 76.0 |
ubuntu/firefox | <76.0+ | 76.0+ |
debian/firefox | 130.0-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)