CVE-2015-4518
N/A
N/A
Summary
The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1034069
- https://security.gentoo.org/glsa/201512-10
- http://www.mozilla.org/security/announce/2015/mfsa2015-118.html
- http://www.ubuntu.com/usn/USN-2785-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1136692
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1182778
References
- http://www.securitytracker.com/id/1034069
- https://security.gentoo.org/glsa/201512-10
- http://www.mozilla.org/security/announce/2015/mfsa2015-118.html
- http://www.ubuntu.com/usn/USN-2785-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1136692
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1182778
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.