漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox和Mozilla Firefox ESR 安全漏洞
Vulnerability Description
Mozilla Firefox和Mozilla Firefox ESR都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。 Firefox 129之前版本和Firefox ESR 128.1之前版本存在安全漏洞,该漏洞源于在受严格动态模式的内容安全策略保护网站上,攻击者可以注入HTML元素实现跨站脚本,从而绕过CSP严格动态保护。
CVSS Information
N/A
Vulnerability Type
N/A