CVE-2015-8510Cross-site Scripting in Mozilla Firefox OS

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 46.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox OS
Timeline
PublishedJan 9
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-g5pm-j274-99gh: Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 22022-05-17
CVEList
CVE-2015-8510: Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 22016-01-09
CVE-2015-8510 — Cross-site Scripting in Mozilla | cvebase