CVE-2018-5175: Universal CSP strict-dynamic bypass in Firefox

In summary:

A mechanism to bypass Content Security Policy (CSP) protections on sites that have a script-src policy of 'strict-dynamic'. If a target website contains an HTML injection flaw, an attacker could inject a reference to a copy of the require.js library that is part of Firefox’s Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts [...]

For follow-up, refer to the following link:
https://ift.tt/2Lr8nS1
