N/A

If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

N/A

N/A

Mozilla Firefox和Mozilla Firefox ESR 安全漏洞

Mozilla Firefox和Mozilla Firefox ESR都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。 Mozilla Firefox 69之前版本、Mozilla Firefox ESR 68.1之前版本中存在安全漏洞。攻击者可利用该漏洞运行恶意的JavaScript内容。

N/A

N/A