Red Hat Bugzilla – Bug 1277339
CVE-2015-4518 Mozilla: CSP bypass due to permissive Reader mode whitelist (MFSA 2015-118)
Last modified: 2015-11-03 23:57:40 EST
Security researcher Mario Heiderich reported an issue where the security protections of Reader mode in Firefox can be bypassed, allowing scripts to be run. Mozilla developer Frederik Braun independently discovered and reported the same issue. The issue occurs even though Reader View explicitly disables script for rendered pages through a whitelist of allowed HTML content. Mario discovered that the whitelist was too permissive and that a malicious site could manipulate content to bypass CSP protections, allowing for possible cross-site scripting (XSS) attacks.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mario Heiderich as the original reporter.
This issue does not affect the versions of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.