GHSA-pcxf-xvjr-2qpp
GitHub Security Advisory
⚠ Unreviewed
MODERATE
Has CVE
Advisory Details
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70.
Related CVEs
Key Information
5.0
/10
Dataset
Last updated: November 24, 2025 6:29 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.