Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2019-17000 - log back

CVE-2019-17000 edited at 26 Oct 2019 21:33:30

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Access restriction bypass

Description

+	A CSP bypass has been found in Firefox 69, where an object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs.

References

+	https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17000
+	https://bugzilla.mozilla.org/show_bug.cgi?id=1441468

Notes

CVE-2019-17000 created at 26 Oct 2019 17:47:06