PT-2015-2626 · Mozilla+3 · Firefox+3
Jason Hamilton +3 · Published 2015-11-03 · Updated 2024-12-12 · CVE-2015-7187
CVSS v2.0: 4.3 (Medium)
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 42.0
Description
The issue is related to errors in security settings within the Add-on SDK of Mozilla Firefox. It allows a remote attacker to conduct cross-site scripting (XSS) attacks using specially crafted JavaScript code. The vulnerability arises from the misinterpretation of a "script: false" panel setting, making it easier for attackers to execute inline JavaScript code within third-party extensions.
Recommendations
For versions prior to 42.0, update to version 42.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of third-party extensions until the update is applied.
Affected Products
Alt Linux
Firefox
Suse
Ubuntu