Mozilla Firefox CVE-2016-2833 Vulnerability

description-logoDescription

Mozilla engineer Matt Wobensmith reported that Content Security Policy (CSP) does not block the loading of cross-domain Java applets when specified by policy. This is because the Java applet is loaded by the Java plugin, which then mediates all network requests without checking against CSP. This could allow a malicious site to manipulate content through a Java applet to bypass CSP protections, allowing for possible cross-site scripting (XSS) attacks.

affected-products-logoAffected Applications

Firefox

CVE References

CVE-2016-2833