CVE-2014-1485
CVE-2014-1485
The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.htmlhttp://osvdb.org/102871https://8pecxstudios.com/?page_id=44080https://bugzilla.mozilla.org/show_bug.cgi?id=910139http://secunia.com/advisories/56706http://secunia.com/advisories/56767http://secunia.com/advisories/56787http://secunia.com/advisories/56888https://exchange.xforce.ibmcloud.com/vulnerabilities/90891https://security.gentoo.org/glsa/201504-01