CVEs-PoC/2020/CVE-2020-6813.md

### [CVE-2020-6813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6813)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2074%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=%40import%20statements%20in%20CSS%20could%20bypass%20the%20Content%20Security%20Policy%20nonce%20feature&color=brighgreen)

### Description

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74.

### POC

#### Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1605814

#### Github
No PoCs found on GitHub currently.