Mozilla · Firefox · CVE-2019-17020
**Name of the Vulnerable Software and Affected Versions**
Firefox versions prior to 72
**Description**
When an XML file is served with a Content Security Policy and includes an XSL stylesheet, the policy is not applied to the contents of that stylesheet. This could allow a remote attacker to compromise data integrity, particularly if the XSL stylesheet includes JavaScript, because that content bypasses the restrictions of the Content Security Policy applied to the XML document.
**Recommendations**
For Firefox versions prior to 72, update to version 72 or later to resolve the issue. As a temporary workaround, consider restricting the use of XSL stylesheets in XML files served with a Content Security Policy until a patch is applied.
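To apply the workaround, it helps to know which XML responses combine a Content Security Policy with an XSL stylesheet. The following Python check is an added example, not part of the original advisory or of Mozilla's code; the function names, the sample responses, and the rule of treating every non-CSS `xml-stylesheet` instruction as a possible XSL sheet are assumptions.

```python
import re

XML_TYPE = re.compile(r"^(text/xml|application/xml|[\w.+-]+/[\w.-]+\+xml)$", re.I)
COMMENT = re.compile(r"<!--.*?-->", re.S)
ROOT_START = re.compile(r"<[A-Za-z_:]")
STYLESHEET_PI = re.compile(r"<\?xml-stylesheet\s+(.*?)\?>", re.S)
PSEUDO_ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")

def stylesheet_pis(body):
    """Return the pseudo-attributes of each xml-stylesheet PI in the prolog."""
    text = COMMENT.sub("", body)            # ignore PIs that are commented out
    root = ROOT_START.search(text)          # the prolog ends at the root element
    prolog = text[:root.start()] if root else text
    return [{k.lower(): dq or sq for k, dq, sq in PSEUDO_ATTR.findall(m.group(1))}
            for m in STYLESHEET_PI.finditer(prolog)]

def audit_response(url, headers, body):
    """Return (url, stylesheet href) pairs for XML served with a CSP plus XSL."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip()
    if not XML_TYPE.match(ctype) or "content-security-policy" not in h:
        return []
    # xml-stylesheet can also attach CSS; anything not declared as text/css is
    # treated as a possible XSL sheet (a conservative assumption of this example).
    return [(url, pi.get("href", "")) for pi in stylesheet_pis(body)
            if pi.get("type", "").strip().lower() != "text/css"]

# Constructed sample responses (not taken from any real site).
SAMPLES = [
    ("/feed.xml",
     {"Content-Type": "application/xml; charset=utf-8",
      "Content-Security-Policy": "default-src 'none'"},
     '<?xml version="1.0"?>\n<?xml-stylesheet type="text/xsl" href="/feed.xsl"?>\n<rss/>'),
    ("/styled.xml",
     {"Content-Type": "text/xml", "Content-Security-Policy": "default-src 'self'"},
     '<?xml version="1.0"?>\n<?xml-stylesheet type="text/css" href="/a.css"?>\n<doc/>'),
    ("/nocsp.xml",
     {"Content-Type": "application/xml"},
     '<?xml-stylesheet type="text/xsl" href="/b.xsl"?>\n<doc/>'),
]

def run_samples():
    return [f for url, hdrs, body in SAMPLES for f in audit_response(url, hdrs, body)]

if __name__ == "__main__":
    for url, href in run_samples():
        print(f"{url}: CSP present, but stylesheet {href} is not covered on Firefox < 72")
```

Each reported pair is an XML document whose policy does not extend to the listed stylesheet on affected Firefox versions, so those are the documents to review first.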