VYPR
Unrated severityNVD Advisory· Published Feb 6, 2014· Updated Jun 17, 2026

CVE-2014-1485

CVE-2014-1485

Description

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17

Patches

Vulnerability mechanics

References

19

News mentions

0

No linked articles in our index yet.