VYPR
Unrated severityNVD Advisory· Published Aug 16, 2015· Updated Jun 17, 2026

CVE-2015-4490

CVE-2015-4490

Description

The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

10

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.