First published: Wed Dec 16 2015(Updated: )
Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <=42.0 | |
Fedoraproject Fedora | =22 | |
Fedoraproject Fedora | =23 | |
openSUSE | =42.1 | |
openSUSE | =13.1 | |
openSUSE | =13.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2015-7211 is classified as moderate due to its potential for spoofing attacks.
To fix CVE-2015-7211, users should upgrade to Mozilla Firefox version 43.0 or later.
CVE-2015-7211 affects Mozilla Firefox versions prior to 43.0.
Yes, CVE-2015-7211 also affects certain versions of Fedora and openSUSE distributions.
CVE-2015-7211 allows remote attackers to spoof web sites via mishandled data: URIs.