CVE Daily

CVE-2015-7187

The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" pa...

Medium CVSS 4.3

Overview

The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension.

CWE: CWE-254 Published: 2015-11-05T05:59:11.183
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 4.3 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags