EUVD-2008-3566

Malware in sbrugna...

EUVD-2016-3043

Malware in sbrugna...

Gratipay: CSP Policy Bypass and javascript execution

Content Security Policy CSP is a computer security standard introduced to prevent cross-site scripting XSS, clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSP provides a standard method for website owners to declare...

CVE-2016-1954

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy CSP violation report, which allows remote attackers to cause a denial of service data...

CVE-2016-1954

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy CSP violation report, which allows remote attackers to cause a denial of service data...

Mozilla: Local file overwriting and potential privilege escalation through CSP reports (MFSA 2016-17)

The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy CSP violation report, which allows remote attackers to cause a denial of service data...

Content Security Policy 1.0 implementation errors cause data leakage — Mozilla

Security researcher Karthikeyan Bhargavan of Prosecco at INRIA reported Content Security Policy CSP 1.0 implementation errors. CSP violation reports generated by Firefox and sent to the "report-uri" location include sensitive data within the "blocked-uri" parameter. These include fragment...