3 matches found
CVE-2015-6786
Removed by vendor...
Mozilla Firefox Unicode Character Handling Cross-Site Scripting Vulnerability
Mozilla Firefox is an open source WEB browser. Mozilla Firefox suffers from a security vulnerability in the handling of wildcards in the content security policy in 'blob:', 'data:' and filesystem:' URLs, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML...
UBUNTU-CVE-2015-4490
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote...