CVE-2019-19916

CVE-2019-19916

In Midori Browser 0.5.11 (on Windows 10), Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting (XSS) and other attacks when the product renders the content as HTML. Remediating this would also need to consider the polyglot case, e.g., a file that is a valid GIF image and also valid JavaScript.

Source: CVE-2019-19916

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다