SecuritySpace - CVE-2018-5175

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2018-5175

Description: A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2018-5175
BugTraq ID: 104139
http://www.securityfocus.com/bid/104139
http://www.securitytracker.com/id/1040896
https://usn.ubuntu.com/3645-1/

CVE ID:	CVE-2018-5175
Description:	A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2018-5175 BugTraq ID: 104139 http://www.securityfocus.com/bid/104139 http://www.securitytracker.com/id/1040896 https://usn.ubuntu.com/3645-1/