---

CVE-2017-7834 - log back

CVE-2017-7834 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Access restriction bypass
Description	+ A data: URL loaded in a new tab of Firefox before 57.0 did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7834 + https://bugzilla.mozilla.org/show_bug.cgi?id=1358009
Notes