4 matches found
Mozilla Firefox Security Advisory (MFSA2020-01) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2019-17020
CVE-2019-17020 affects Firefox before 72.0. The issue is a Content Security Policy bypass where an XML file served with CSP includes an XSL stylesheet, and the CSP is not applied to the XSL contents (e.g., JavaScript), bypassing restrictions on the XML document. Impact is CSP bypass via XSL in XM...
CVE-2019-17020
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security...
Mozilla Firefox < 72.0
The version of Firefox installed on the remote Windows host is prior to 72.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-01 advisory. - Mozilla developers Karl Tomlinson, Jason Kratzer, Tyson Smith, Jon Coppeard, and Christian Holler reported memory safet...