CVE-2015-4490 (retired)

Priority
Description
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in
Mozilla Firefox before 40.0 does not implement the Content Security Policy
Level 2 exceptions for the blob, data, and filesystem URL schemes during
wildcard source-expression matching, which might make it easier for remote
attackers to conduct cross-site scripting (XSS) attacks by leveraging
unexpected policy-enforcement behavior.
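The wildcard rule described above, as an added example that is not Firefox's code and not part of the original advisory. It models only the bare `*` and scheme-source (`data:`) expressions; the function names and sample URLs are constructed for illustration. Under CSP Level 2, `*` must not match the blob, data, or filesystem schemes unless the policy lists them explicitly.

```javascript
// Added illustration of CSP Level 2 wildcard matching; not code from Firefox.
// Schemes that a bare "*" source expression must not match under CSP Level 2.
const WILDCARD_EXCLUDED_SCHEMES = new Set(["blob", "data", "filesystem"]);

// Extract the lowercased URL scheme (RFC 3986 syntax), or null if absent.
function schemeOf(url) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url.trim());
  return m ? m[1].toLowerCase() : null;
}

// True when src is a scheme-source such as "data:" naming the URL's scheme.
function matchesSchemeSource(src, url) {
  return /^[a-z][a-z0-9+.-]*:$/i.test(src) &&
    src.slice(0, -1).toLowerCase() === schemeOf(url);
}

// Model of matching WITHOUT the exceptions: "*" allows every scheme.
function permitsWithoutExceptions(sourceList, url) {
  return sourceList.some((src) => src === "*" || matchesSchemeSource(src, url));
}

// Matching WITH the exceptions: "*" skips blob/data/filesystem, which are
// allowed only when the policy names the scheme explicitly.
function permitsWithExceptions(sourceList, url) {
  const scheme = schemeOf(url);
  if (scheme === null) return false;
  return sourceList.some((src) =>
    src === "*"
      ? !WILDCARD_EXCLUDED_SCHEMES.has(scheme)
      : matchesSchemeSource(src, url));
}

// Return the URLs on which the two matchers disagree for a given source list.
function enforcementGaps(sourceList, urls) {
  return urls.filter((u) =>
    permitsWithoutExceptions(sourceList, u) !== permitsWithExceptions(sourceList, u));
}

// Constructed sample loads, one per scheme of interest.
const SAMPLE_URLS = [
  "https://example.test/app.js",
  "data:text/plain,constructed",
  "blob:https://example.test/0000-constructed",
  "filesystem:https://example.test/temporary/constructed.js",
];

console.log(enforcementGaps(["*"], SAMPLE_URLS));
```

A policy that genuinely needs one of these schemes lists it explicitly (for example `* data:`), which both matchers then accept.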
Assigned-to
chrisccoulson
Package
Upstream: released (40.0)
Ubuntu 14.04 LTS (Trusty Tahr): released (40.0+build4-0ubuntu0.14.04.1)
More Information

Updated: 2019-03-26 12:15:37 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)