QwikSec

Security Database

CVE

CWE

Training

CVE-2015-4518

Published: Nov 5, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_GENTOO

http://www.mozilla.org/security/announce/2015/mfsa2015-118.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.mozilla.org/show_bug.cgi?id=1136692

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

x_refsource_CONFIRM

openSUSE-SU-2015:1942

vendor-advisory

x_refsource_SUSE

https://bugzilla.mozilla.org/show_bug.cgi?id=1182778

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.