If a wildcard ('*') is specified for the host in Content Security Policy (CSP) directives, any port or path restriction of the directive will be ignored, leading to CSP directives not being properly applied to content. This vulnerability affects Firefox < 69.
Si es especificado un comodín ('*') para el host en las directivas de Content Security Policy (CSP), será ignorada cualquier restricción de puerto o ruta de la directiva, lo que provocará que las directivas CSP no se apliquen correctamente al contenido. Esta vulnerabilidad afecta a Firefox versiones anteriores a 69.
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy protections, bypass same-origin restrictions, conduct cross-site scripting attacks, cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
