mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-27 17:30:27 +01:00
931 B
931 B
CVE-2015-4498
Description
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.
POC
Reference
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.ubuntu.com/usn/USN-2723-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1042699
Github
No PoCs found on GitHub currently.