CVE-2014-1485

Priority
Description
The Content Security Policy (CSP) implementation in Mozilla Firefox before
27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to
style-src directives instead of script-src directives, which might allow
remote attackers to execute arbitrary XSLT code by leveraging insufficient
style-src restrictions.
Assigned-to
chrisccoulson
Package
Upstream:released (27.0)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
More Information

Updated: 2019-01-14 22:13:30 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)