Mozilla: Improper handling of html and body tags enabled CSP nonce leakage
The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies...