CVE-2019-11737
N/A
N/A
Summary
If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | unspecified < 69 | affected |
Weaknesses
- Content security policy directives ignore port and path if host is a wildcard
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1388015
- https://www.mozilla.org/security/advisories/mfsa2019-25/
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1388015
- https://www.mozilla.org/security/advisories/mfsa2019-25/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.