Mozilla Firefox/Thunderbird/SeaMonkey CSP's Inline-Script Blocking Feature Security Bypass Weakness
Mozilla Firefox, SeaMonkey, and Thunderbird are prone to a security-bypass weakness that affects the Content Security Policy's (CSP) inline-script blocking security feature.
An attacker can exploit this issue to bypass the inline-script blocking security feature of the affected applications. The attacker can perform cross-site scripting attacks on web applications that rely on this feature of CSP for protection.
Successful exploits may allow attackers to execute arbitrary script code and steal cookie-based authentication credentials by conducting cross-site scripting attacks.
This issue is fixed in:
Firefox ESR 10.0.5
Thunderbird ESR 10.0.5