PT-2019-5020 · Mozilla+2 · Firefox+2

Matheus Vrech · Published 2019-09-28 · Updated 2024-12-12 · CVE-2019-17001

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Firefox version 69

Description

The issue is a Content-Security-Policy bypass that allows JavaScript to execute in a protected document through an object tag, leading to cross-site scripting. A remote attacker can exploit this flaw to gain unauthorized access to confidential data and to affect data integrity.

Recommendations

For Firefox version 69, update to version 70 or later to resolve the issue. As a temporary workaround, consider disabling the use of object tags in Firefox until a patch is available. Restrict access to sensitive data and ensure proper input validation to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2800
ALT-PU-2019-3087
ALT-PU-2020-1617
BDU:2020-01652
CVE-2019-17001
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
USN-4165-1
USN-4165-2

Affected Products

Alt Linux
Firefox
Ubuntu