CVE-2015-4518
Description
The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.
Risk Information
Base Score
6.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.568
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for Mozilla Firefox (42.0) | Windows |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (42.0) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (142.0) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (142.0.1) | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 41.0.2 | Mac |
| Mozilla Open Source web browser (USN-2785-1) firefox_42.0+build2-0ubuntu0.15.10.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-2785-1) firefox_42.0+build2-0ubuntu0.15.10.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-2880-1) firefox_42.0+build2-0ubuntu0.15.10.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-2880-1) firefox_42.0+build2-0ubuntu0.15.10.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-2893-1) firefox_42.0+build2-0ubuntu0.15.10.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-2893-1) firefox_42.0+build2-0ubuntu0.15.10.1_amd64.deb | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-302187 | Update for Mozilla Firefox (42.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234