Mozilla Firefox/Thunderbird/SeaMonkey CSP's Inline-Script Blocking Feature Security Bypass Weakness

Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a security-bypass weakness that affects the inline-script blocking feature of Content Security Policy (CSP).

An attacker can exploit this issue to bypass the inline-script blocking security feature of the affected applications. The attacker can perform cross-site scripting attacks on web applications that rely on this feature of CSP for protection.

Successful exploits may allow attackers to execute arbitrary script code and steal cookie-based authentication credentials by conducting cross-site scripting attacks.

This issue is fixed in:

Firefox 13.0
Firefox ESR 10.0.5
Thunderbird 13.0
Thunderbird ESR 10.0.5
SeaMonkey 2.10


 

Copyright 2010, SecurityFocus