EPSS
Percentile
38.7%
firefox is vulnerable to content security policy (CSP) bypass. An attacker is able to bypass CSP directives by using a wildcard '*'which causes any port or path restriction of the directive to be ignored.
'*'
bugzilla.mozilla.org/show_bug.cgi?id=1388015
www.mozilla.org/security/advisories/mfsa2019-25/