Mozilla Firefox CVE-2015-4518 Cross Site Scripting Vulnerability

Description

Security researcher Mario Heiderich reported an issue where the security protections of Reader mode in Firefox can be bypassed, allowing scripts to be run. Mozilla developer Frederik Braun independently discovered and reported the same issue. The bypass works even though Reader View explicitly disables scripts for rendered pages through a whitelist of allowed HTML content. Mario discovered that the whitelist was too permissive and that a malicious site could manipulate content to bypass CSP protections, allowing for possible cross-site scripting (XSS) attacks.

Affected Applications

Firefox

CVE References

CVE-2015-4518