Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:27031
HistorySep 21, 2020 - 6:31 a.m.

Arbitrary Code Injection

2020-09-2106:31:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
arbitrary code injection
content security policy
css
firefox

EPSS

0.001

Percentile

36.2%

firefox is vulnerable to arbitrary code injection. When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy.

Affected configurations

Vulners
Node
-firefox\Matchbionic59.0.2+build1
OR
-firefox\Matchxenial45.0.2+build1
OR
-firefox\Matcheoan69.0.3+build1
OR
-firefox\Matchedge73.0.1-r1
OR
-firefox\Matchbionic59.0.2+build1
OR
-firefox\Matchxenial45.0.2+build1
OR
-firefox\Matcheoan69.0.3+build1
OR
-firefox\Matchedge73.0.1-r1
VendorProductVersionCPE
-firefox\bioniccpe:2.3:a:-:firefox\:bionic:59.0.2+build1:*:*:*:*:*:*:*
-firefox\xenialcpe:2.3:a:-:firefox\:xenial:45.0.2+build1:*:*:*:*:*:*:*
-firefox\eoancpe:2.3:a:-:firefox\:eoan:69.0.3+build1:*:*:*:*:*:*:*
-firefox\edgecpe:2.3:a:-:firefox\:edge:73.0.1-r1:*:*:*:*:*:*:*