Security Advisory

CVE-2015-4518

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-11-05 02:00:00

Last updated 2024-08-06 06:18:11

Assigner mozilla

State PUBLISHED

Description

The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.

← Browse all CVEs View on cve.org ↗