QwikSec

Security Database

CVE

CWE

Training

CVE-2015-7187

Published: Nov 5, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_GENTOO

http://www.mozilla.org/security/announce/2015/mfsa2015-121.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

x_refsource_CONFIRM

openSUSE-SU-2015:1942

vendor-advisory

x_refsource_SUSE

https://bugzilla.mozilla.org/show_bug.cgi?id=1195735

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.