CVE-2019-11737

Summary

If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 69affected

Weaknesses

  • Content security policy directives ignore port and path if host is a wildcard

ADP Enrichment

CVE Program Container

Additional References

References