CVE-2015-7223 — Cross-site Scripting in Mozilla Firefox
Severity
4.0MEDIUMNVD
OSV10.0
EPSS
0.7%
top 26.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 16
Latest updateMay 14
Description
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site.
CVSS vector
AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9
Affected Packages4 packages
Also affects: Fedora 22, 23
🔴Vulnerability Details
3📋Vendor Advisories
2💬Community
1Bugzilla▶
CVE-2015-7223 Mozilla: Privilege escalation vulnerabilities in WebExtension APIs (MFSA 2015-148)↗2015-12-15