[ https://issues.apache.org/jira/browse/OFBIZ-9991?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16262368#comment-16262368 ]
Jacques Le Roux edited comment on OFBIZ-9991 at 11/22/17 1:59 PM:
------------------------------------------------------------------
This is due to the CSP policy I put in OFBiz recently. Normally it only reports in JS console but due to something I changed in FF it got blocked. Not an addon it seems, I guess I changed something in FF config. Anyway I have just installed 3 other CSP-related addons :D).
This is good news because it seems we have no other case like that, to be checked though... And yes attackers can use images:
https://thehackernews.com/2015/06/Stegosploit-malware.html

was (Author: jacques.le.roux):
This is due to the CSP policy I put in OFBiz recently. Normally it only reports in JS console but due to something I changed in FF (not an addon it seems, I guess I changed something in FF config. Anyway I have just installed 3 other CSP-related addons :D) it got blocked.
This is good news because it seems we have no other case like that, to be checked though... And yes attackers can use images:
https://thehackernews.com/2015/06/Stegosploit-malware.html