CVE-2015-7188: Cross-site Scripting in Mozilla Firefox

Severity: 7.5 HIGH (NVD)
EPSS: 1.7% (top 17.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 5; latest update May 17

Description

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (3 packages)

Ubuntu: mozilla/firefox < 42.0+build2-0ubuntu0.14.04.1
NVD: mozilla/firefox 41.0.2+8
Ubuntu: mozilla/thunderbird < 1:38.4.0+build3-0ubuntu0.14.04.1

🔴 Vulnerability Details (4)

GHSA: GHSA-h839-vpf8-pprh: Mozilla Firefox before 42 (2022-05-17)
OSV: thunderbird vulnerabilities (2015-12-01)
OSV: CVE-2015-7188: Mozilla Firefox before 42 (2015-11-04)
OSV: firefox vulnerabilities (2015-11-04)

📋 Vendor Advisories (3)

Ubuntu: Thunderbird vulnerabilities (2015-12-01)
Ubuntu: Firefox vulnerabilities (2015-11-04)
Red Hat: Mozilla: Trailing whitespace in IP address hostnames can bypass same-origin policy (MFSA 2015-122) (2015-11-04)

💬 Community (1)

Bugzilla: CVE-2015-7188 Mozilla: Trailing whitespace in IP address hostnames can bypass same-origin policy (MFSA 2015-122) (2015-11-03)