cve/2015/CVE-2015-4518.md

### [CVE-2015-4518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4518)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.

### POC

#### Reference
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1136692
- https://bugzilla.mozilla.org/show_bug.cgi?id=1182778

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2015-4518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4518)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.`

			`### POC`

			`#### Reference`
			`- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html`
			`- https://bugzilla.mozilla.org/show_bug.cgi?id=1136692`
			`- https://bugzilla.mozilla.org/show_bug.cgi?id=1182778`

			`#### Github`
			`No PoCs found on GitHub currently.`