Your submission was sent successfully! Close

CVE-2014-1485

Published: 5 February 2014

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (27.0+build1-0ubuntu0.12.04.1)
quantal
Released (27.0+build1-0ubuntu0.12.10.1)
saucy
Released (27.0+build1-0ubuntu0.13.10.1)
upstream
Released (27.0)