The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2015-11-05T02:00:00
Updated: 2024-08-06T06:18:11.691Z
Reserved: 2015-06-10T00:00:00
Link: CVE-2015-4518
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-11-05T05:59:04.570
Modified: 2016-12-07T18:13:15.430
Link: CVE-2015-4518
Redhat