3 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-17000
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the...
CVE-2019-17000
CVE-2019-17000 affects Firefox versions older than 70. A CSP bypass exists where an object tag with a data: URI did not inherit the parent document’s Content Security Policy in cross-origin frames, potentially allowing inline-script execution in protected documents. Root cause: CSP not correctly ...
Security vulnerabilities fixed in - Firefox 70 — Mozilla
Incorrect derivation of a packet length in WebRTC caused heap corruption via a crafted video file. This resulted in a potentially exploitable crash. In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to...