1. Home
  2. Vulnerabilities
  3. CVE-2015-4518

CVE-2015-4518

CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.30 % (70th)
0.30% Progress
Affected Products 1
Advisories 3
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2015-11-05 05:59:04
(8 years ago)
Updated Date
2016-12-07 18:13:15
(7 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 41.0.2 and prior versions cpe:2.3:a:mozilla:firefox <= 41.0.2