Vulnerability Description
The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 41.0.2 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
- http://www.mozilla.org/security/announce/2015/mfsa2015-118.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1034069
- http://www.ubuntu.com/usn/USN-2785-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1136692
- https://bugzilla.mozilla.org/show_bug.cgi?id=1182778
- https://security.gentoo.org/glsa/201512-10
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html
- http://www.mozilla.org/security/announce/2015/mfsa2015-118.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1034069
- http://www.ubuntu.com/usn/USN-2785-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1136692
- https://bugzilla.mozilla.org/show_bug.cgi?id=1182778
FAQ
What is CVE-2015-4518?
CVE-2015-4518 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and...
How severe is CVE-2015-4518?
CVE-2015-4518 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4518?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.