CVE-2015-7187

CVSS v2.0 4.3 (Medium)

EPSS 0.34 % (72^th)

Affected Products 1

Advisories 3

The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.

Weaknesses

CWE-254: 7PK - Security Features

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-11-05 05:59:11
(8 years ago)
Updated Date: 2016-12-07 18:23:04
(7 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 41.0.2 and prior versions	cpe:2.3:a:mozilla:firefox		<= 41.0.2