CVE-2015-4490

Published: 16/08/2015 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox prior to 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior.
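The difference the summary describes can be modelled in a few lines. This is an added example, not Firefox's code and not taken from the advisory: a simplified JavaScript model of bare `*` matching with and without the CSP Level 2 scheme exceptions, used to list which URLs a wildcard directive would let through only under the pre-40.0 behaviour. All function names, the sample policy and the sample URLs are constructed for illustration.

```javascript
// Added illustration: simplified model of bare "*" matching, not Firefox's code.
// CSP Level 2: "*" matches any URL whose scheme is NOT blob, data or filesystem.
const WILDCARD_EXEMPT_SCHEMES = new Set(["blob", "data", "filesystem"]);

function schemeOf(url) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// Behaviour the summary describes for Firefox before 40.0: no scheme exceptions.
function wildcardPermitsLegacy(url) {
  return schemeOf(url) !== null;
}

// Behaviour CSP Level 2 requires.
function wildcardPermitsCsp2(url) {
  const scheme = schemeOf(url);
  return scheme !== null && !WILDCARD_EXEMPT_SCHEMES.has(scheme);
}

// Split a policy string into { directive: [source expressions] }.
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// For each directive containing "*", report URLs that the legacy matcher lets
// through but CSP Level 2 blocks (schemes listed explicitly are skipped).
function wildcardDiff(policy, urls) {
  const findings = [];
  for (const [directive, sources] of Object.entries(parsePolicy(policy))) {
    if (!sources.includes("*")) continue;
    const explicit = new Set(sources.filter((s) => /^[a-z][a-z0-9+.-]*:$/i.test(s))
      .map((s) => s.slice(0, -1).toLowerCase()));
    for (const url of urls) {
      if (explicit.has(schemeOf(url))) continue;
      if (wildcardPermitsLegacy(url) && !wildcardPermitsCsp2(url)) findings.push({ directive, url });
    }
  }
  return findings;
}
// Constructed sample policy and URLs (hypothetical hosts).
const SAMPLE_POLICY = "default-src 'self'; script-src *; img-src * data:";
const SAMPLE_URLS = ["https://cdn.example/app.js", "data:text/javascript,0",
  "blob:https://site.example/0000", "filesystem:https://site.example/temporary/x.js"];
```

A policy author who relied on `script-src *` gets a non-empty result here; the remedy on the policy side is to name `blob:`, `data:` or `filesystem:` explicitly only where they are actually intended.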

Vulnerable Product

mozilla firefox

opensuse opensuse 13.1

opensuse opensuse 13.2

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 15.04

oracle solaris 11.3

Vendor Advisories

This update provides compatible packages for Firefox 40 ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
USN-2702-1 introduced a regression in Firefox ...
Mozilla Foundation Security Advisory 2015-91: Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification. Announced: August 11, 2015. Reporter: Christoph Kerschbaumer. Impact: Moderate. Products: F ...
The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by ...