NuytsTech Security

CVE-2015-7191

by ·

Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)."

Date published : 2015-11-04

http://www.mozilla.org/security/announce/2015/mfsa2015-125.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Tags: