CVE-2014-1485

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 27.0 SeaMonkey versions prior to 2.24

Description The Content Security Policy (CSP) implementation operates on XSLT stylesheets according to style-src directives instead of script-src directives. This might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. The issue is related to an error in the implementation of the Content Security Policy when working with XSLT stylesheets, allowing remote attackers to execute arbitrary XSLT code using insufficient style-src directive restrictions.

Recommendations For Mozilla Firefox versions prior to 27.0, update to version 27.0 or later to resolve the issue. For SeaMonkey versions prior to 2.24, update to version 2.24 or later to resolve the issue. As a temporary workaround, consider restricting the use of style-src directives in the Content Security Policy to minimize the risk of exploitation.