CVE-2019-11737
MEDIUMFirefox < 69.0 - Content Security Policy Bypass via Wildcard Host
Title source: llmDescription
If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.
References (2)
Core 2
Core References
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1388015
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2019-25/
Scores
CVSS v3
5.3
EPSS
0.0013
EPSS Percentile
32.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-345
Status
published
Products (1)
mozilla/firefox
< 69.0
Published
Sep 27, 2019
Tracked Since
Feb 18, 2026