CVE-2019-17001
08.01.2020, 22:15
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70.
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 69.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||||||||||||||
| mozjs38 |
| ||||||||||||||||||||||||||||
| mozjs52 |
| ||||||||||||||||||||||||||||
| mozjs60 |
|