0.002 Low
EPSS
Percentile
60.0%
Event handlers on “marquee” elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
bugzilla.redhat.com/show_bug.cgi?id=1404086
www.mozilla.org/security/announce/2016/mfsa2016-95/#CVE-2016-9895