CVE-2015-4518

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 42.0

Description The issue is related to an improper whitelist in the Reader View implementation, making it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism. This allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL.

Recommendations For versions prior to 42.0, update to version 42.0 or later to resolve the issue. As a temporary workaround, consider disabling the Reader View feature until a patch is available. Restrict access to SVG animations and the about:reader URL to minimize the risk of exploitation.