CVE-2014-1504 (retired)

Priority
Description
The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey
before 2.25 does not consider the Content Security Policy of a data: URL,
which makes it easier for remote attackers to conduct cross-site scripting
(XSS) attacks via a crafted document that is accessed after a browser
restart.
Assigned-to
chrisccoulson
Package
Upstream:released (28.0)
More Information

Updated: 2019-08-23 09:01:05 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)