VYPR
Unrated severityNVD Advisory· Published Aug 29, 2015· Updated Jun 17, 2026

CVE-2015-4498

CVE-2015-4498

Description

The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

23

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.