mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-09 06:55:56 +02:00
0xMarcio
1.0 KiB
1.0 KiB
CVE-2019-11738
Description
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
POC
Reference
Github
No PoCs found on GitHub currently.