2 matches found
CVE-2018-5164
Content Security Policy CSP is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting XSS and other attacks. This vulnerability affects Firefox 60...
CVE-2018-5164
CVE-2018-5164 affects Firefox before 60, where the Content Security Policy (CSP) is not applied to all parts of multipart content using MIME type multipart/x-mixed-replace. This can permit script execution where CSP should block it, enabling an XSS-style issue. The vulnerability is documented acr...