CVE-2016-2816
Mozilla Firefox before 46.0 allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via the multipart/x-mixed-replace content type.
Date published : 2016-04-30
http://www.mozilla.org/security/announce/2016/mfsa2016-45.html