CVE-2019-17001

2020-01-08T22:15:00
ID CVE-2019-17001
Type cve
Reporter cve@mitre.org
Modified 2020-01-13T18:16:00

Description

A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.Note: This flaw only affected Firefox 69 and was not present in earlier versions.. This vulnerability affects Firefox < 70.