3 matches found
CLSA-2026-1776957467 libinput: Fix of CVE-2022-1215
CVE-2022-1215: strip format directives from device name...
Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...
Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...