Home

CVE-2015-7187

Description

The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a script: false panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.

Risk Information

Base Score
6.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.486

Associated Vulnerability

VulnerabilityOS Platform
Update for Mozilla Firefox (42.0)Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (42.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (142.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (142.0.1)Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 41.0.2Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-302187Update for Mozilla Firefox (42.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234