CVE-2014-1485

Publication date 5 February 2014

Last updated 24 July 2024


Ubuntu priority

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.

Status

Package Ubuntu Release Status
firefox 13.10 saucy
Fixed 27.0+build1-0ubuntu0.13.10.1
12.10 quantal
Fixed 27.0+build1-0ubuntu0.12.10.1
12.04 LTS precise
Fixed 27.0+build1-0ubuntu0.12.04.1
10.04 LTS lucid Ignored end of life

References

Related Ubuntu Security Notices (USN)

    • USN-2102-1
    • Firefox vulnerabilities
    • 10 February 2014

Other references