mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 17:22:02 +00:00
944 B
944 B
CVE-2019-17001
Description
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.Note: This flaw only affected Firefox 69 and was not present in earlier versions.. This vulnerability affects Firefox < 70.
POC
Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1587976
- https://bugzilla.mozilla.org/show_bug.cgi?id=1587976
Github
No PoCs found on GitHub currently.