The Content Security Policy (CSP) implementation in Mozilla Firefox prior to 27.0 and SeaMonkey prior to 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote malicious users to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla seamonkey |
||
mozilla firefox |
||
oracle solaris 11.3 |
||
canonical ubuntu linux 13.10 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 12.04 |
||
suse linux enterprise desktop 11 |
||
suse linux enterprise server 11 |
||
opensuse opensuse 12.3 |
||
suse linux enterprise software development kit 11 |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 13.1 |