The Reader View implementation in Mozilla Firefox prior to 42.0 has an improper whitelist, which makes it easier for remote malicious users to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |