CVE-2015-7187
CVSS v2.0
4.3 (Medium)
EPSS
0.34 % (72th)
Affected Products
1
Advisories
3
The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.
Weaknesses
- CWE-254
- 7PK - Security Features
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2015-11-05 05:59:11
(8 years ago) - Updated Date
-
2016-12-07 18:23:04
(7 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...