This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.
This page will reflect the classification results once they are available through NVD.
Any vendor information available is shown as below.
An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140.
| Name | Vendor | Version |
|---|---|---|
| Mozjs68 | Ubuntu/esm-infra/focal | |
| Mozjs68 | Ubuntu/upstream | TBD |
| Mozjs78 | Ubuntu/jammy | |
| Mozjs78 | Ubuntu/upstream | TBD |
| Mozjs78 | Ubuntu/esm-apps/jammy | |
| Thunderbird | Ubuntu/upstream | TBD |
| Thunderbird | Ubuntu/jammy | |
| Mozjs115 | Ubuntu/devel | |
| Mozjs115 | Ubuntu/noble | |
| Mozjs115 | Ubuntu/oracular | |
| Mozjs115 | Ubuntu/plucky | |
| Mozjs115 | Ubuntu/upstream | TBD |
| Mozjs38 | Ubuntu/esm-apps/bionic | TBD |
| Mozjs38 | Ubuntu/upstream | TBD |
| Mozjs91 | Ubuntu/jammy | |
| Mozjs91 | Ubuntu/upstream | TBD |
| Firefox | Ubuntu/upstream | TBD |
| Mozjs102 | Ubuntu/esm-apps/noble | |
| Mozjs102 | Ubuntu/jammy | |
| Mozjs102 | Ubuntu/noble | |
| Mozjs102 | Ubuntu/upstream | TBD |
| Mozjs52 | Ubuntu/esm-apps/focal | |
| Mozjs52 | Ubuntu/esm-infra/bionic | |
| Mozjs52 | Ubuntu/upstream | TBD |