VYPR
Unrated severityNVD Advisory· Published Sep 27, 2019· Updated Aug 4, 2024

CVE-2019-11738

CVE-2019-11738

Description

If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

63

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.