The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
XSS
Mozilla
Privilege Escalation
Firefox
Seamonkey
+5
NVD
VulDB
CVSS 2.0
2.6
EPSS
0.6%