Mozilla SeaMonkey CVE-2015-4490 Cross Site Scripting Vulnerability

Description

Mozilla security engineer Christoph Kerschbaumer reported a discrepancy between Mozilla's implementation of Content Security Policy (CSP) and the CSP specification. The specification states that blob:, data:, and filesystem: URLs should be excluded when a wildcard is matched against source expressions, but Mozilla's implementation allows these URLs when the source expression is an asterisk wildcard. This could make a CSP more permissive than the web developer expected, possibly allowing cross-site scripting (XSS) attacks.
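The wildcard rule described above, as an added example that is not Mozilla's code: a scheme-level matcher for one directive's source list that can run in spec-compliant or permissive mode, so a policy author can see which URLs a bare `*` admits only under the permissive behaviour. All function names and sample URLs are hypothetical and constructed; only `*`, `'none'` and scheme-sources are modelled.

```javascript
// Added example (constructed): scheme-level CSP source-list matching.
// Schemes the specification excludes from a bare "*" match, per the advisory.
const WILDCARD_EXCLUDED = new Set(["blob", "data", "filesystem"]);

function schemeOf(url) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (!m) throw new TypeError(`not an absolute URL: ${url}`);
  return m[1].toLowerCase();
}

// sourceList: the value of one directive, e.g. "* data:".
// specCompliant=false models the permissive wildcard handling in the advisory.
function sourceListAllows(sourceList, url, { specCompliant = true } = {}) {
  const scheme = schemeOf(url);
  const sources = sourceList.trim().split(/\s+/).filter(Boolean);
  if (sources.length === 1 && sources[0].toLowerCase() === "'none'") return false;
  return sources.some((src) => {
    if (src === "*") {
      return specCompliant ? !WILDCARD_EXCLUDED.has(scheme) : true;
    }
    // Scheme-source such as "data:" or "https:" must be listed explicitly.
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) {
      return src.slice(0, -1).toLowerCase() === scheme;
    }
    return false; // host-sources and other keywords are not modelled: no match
  });
}

// URLs that load only under the permissive behaviour for this source list.
function wildcardGap(sourceList, urls) {
  return urls.filter(
    (u) =>
      sourceListAllows(sourceList, u, { specCompliant: false }) &&
      !sourceListAllows(sourceList, u, { specCompliant: true })
  );
}

const SAMPLE_URLS = [ // constructed sample resources
  "https://cdn.example.test/app.js",
  "data:text/javascript,void 0",
  "blob:https://example.test/0000",
  "filesystem:https://example.test/temporary/x.js",
];
```

A policy that genuinely needs one of these schemes lists it explicitly (for example `* data:`), in which case `wildcardGap` no longer reports it.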

Affected Applications

SeaMonkey

CVE References

CVE-2015-4490