CVE-2015-4518 Information
Description
The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://www.mozilla.org/security/announce/2015/mfsa2015-118.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1034069 http://www.ubuntu.com/usn/USN-2785-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1136692 https://bugzilla.mozilla.org/show_bug.cgi?id=1182778 https://security.gentoo.org/glsa/201512-10
Share on: