{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2696?format=json","vulnerability_id":"VCID-maa1-xr1m-eqez","summary":"Mozilla security engineer Frederik Braun reported an issue\nwhere the implementation of Content Security Policy (CSP) is not in compliance\nwith the specification. XSLT stylesheets\nmust be subject to script-src directives but Mozilla's\nimplementation of CSP treats them as styles. This could lead to unexpected\nscript execution if the style-src directives were less restrictive\nthan those for scripts.\nIn general this flaw cannot be exploited through email in the\nSeamonkey product because scripting is disabled in mail, but is potentially a\nrisk in browser or browser-like contexts.","aliases":[{"alias":"CVE-2014-1485"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1160?format=json","purl":"pkg:mozilla/Firefox@27.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@27.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1161?format=json","purl":"pkg:mozilla/Seamonkey@2.24.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Seamonkey@2.24.0"}],"affected_packages":[],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1485.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1485.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1485","reference_id":"","reference_type":"","scores":[{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.76889","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-1485"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060944","reference_id":"1060944","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1060944"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485","reference_id":"CVE-2014-1485","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1485"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-07","reference_id":"mfsa2014-07","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-07"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-maa1-xr1m-eqez"}