CVE-2015-4518

Publication date 4 November 2015

Last updated 24 July 2024

Ubuntu priority

The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	15.10 wily	Fixed 42.0+build2-0ubuntu0.15.10.1
	15.04 vivid	Fixed 42.0+build2-0ubuntu0.15.04.1
	14.04 LTS trusty	Fixed 42.0+build2-0ubuntu0.14.04.1
	12.04 LTS precise	Fixed 42.0+build2-0ubuntu0.12.04.1

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2785-1
Firefox vulnerabilities
4 November 2015

Other references

https://www.mozilla.org/en-US/security/advisories/mfsa2015-118/
https://www.cve.org/CVERecord?id=CVE-2015-4518