[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-4518Date: (C)2015-12-15   (M)2024-03-27


The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1034069
GLSA-201512-10
USN-2785-1
http://www.mozilla.org/security/announce/2015/mfsa2015-118.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1136692
https://bugzilla.mozilla.org/show_bug.cgi?id=1182778
openSUSE-SU-2015:1942

CPE    1
cpe:/a:mozilla:firefox:41.0.2
CWE    1
CWE-79
OVAL    6
oval:org.secpod.oval:def:31626
oval:org.secpod.oval:def:31627
oval:org.secpod.oval:def:52621
oval:org.secpod.oval:def:702830
...

© SecPod Technologies