Ckerschb

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 40.0 **Description** The issue arises from the nsCSPHostSrc::permits function in Mozilla Firefox, which does not implement Content Security Policy Level 2 exceptions for certain URL schemes during wildcard source-expression matching. This could make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior. The vulnerability might allow a remote attacker to inject arbitrary HTML code. **Recommendations** For versions prior to 40.0, update to version 40.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of exploitation. Avoid using the vulnerable function `nsCSPHostSrc::permits` until a patch is available.