CVSS2: 4.3 Medium

| Metric | Value |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.005 Low (Percentile: 76.3%)

Security researcher Mike Brooks of Sitewatch reported that if multiple Content Security Policy (CSP) headers are present on a page, they have an additive effect on the page policy. Using carriage return line feed (CRLF) injection, a new CSP rule can be introduced which allows for cross-site scripting (XSS) on sites with a separate header injection vulnerability.
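
The issue depends on a site reflecting a CR/LF-bearing value into a response header, so the server-side fix is to refuse such values and to notice responses that carry more than one CSP header. The following is an added example, not code from the advisory or from Mozilla; the function names, the header-name set and the sample response are constructed for illustration.

```python
import re

# Assumption: header names that carry a CSP policy in your stack (the standard
# name plus the legacy X- prefixed one). Adjust to what the application emits.
CSP_NAMES = {"content-security-policy", "x-content-security-policy"}
_LINE_BREAKERS = re.compile(r"[\r\n\x00]")


def safe_header_value(value: str) -> str:
    """Refuse any value that could end the header line and start a new one."""
    if _LINE_BREAKERS.search(value):
        raise ValueError("CR, LF or NUL in header value")
    return value


def build_response(headers):
    """Serialize (name, value) pairs; every value passes the check first."""
    lines = ["HTTP/1.1 200 OK"]
    lines += [f"{name}: {safe_header_value(value)}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def csp_headers(raw_response: str):
    """Return every CSP header found in the head of a raw response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    found = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() in CSP_NAMES:
            found.append((name.strip(), value.strip()))
    return found


def audit(raw_response: str):
    """Flag a response with more than one CSP header for review.

    Several CSP headers can be legitimate; the flag matters when the
    application is known to emit exactly one.
    """
    found = csp_headers(raw_response)
    return {"count": len(found), "review": len(found) > 1, "headers": found}


# Constructed sample: a value containing CRLF, and the response that results
# when a code path writes it into a header without the check above.
TAINTED = "en\r\nContent-Security-Policy: <constructed second policy>"
UNFILTERED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Security-Policy: script-src 'self'\r\n"
    f"Content-Language: {TAINTED}\r\n\r\n<html></html>"
)
```
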

| CPE | Name | Operator | Version |
|---|---|---|---|
| | firefox | lt | 11 |
| | firefox esr | lt | 10.0.3 |
| | seamonkey | lt | 2.8 |
| | thunderbird | lt | 11 |
| | thunderbird esr | lt | 10.0.3 |