CVE-2014-1485 (retired)

Priority
Description
The Content Security Policy (CSP) implementation in Mozilla Firefox before
27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to
style-src directives instead of script-src directives, which might allow
remote attackers to execute arbitrary XSLT code by leveraging insufficient
style-src restrictions.
Assigned-to
chrisccoulson
Package
Upstream:released (27.0)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
More Information

Updated: 2019-03-26 12:12:36 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)