Mozilla Foundation Security Advisory 2015-118
CSP bypass due to permissive Reader mode whitelist
- November 3, 2015
- Mario Heiderich, Frederik Braun
- Fixed in
- Firefox 42
Security researcher Mario Heiderich reported an issue where the security protections of Reader mode in Firefox can be bypassed, allowing scripts to be run. Mozilla developer Frederik Braun independently discovered and reported this same issue as well. This issue happens even though Reader View explicitly disables script for rendered pages through a whitelist of allowed HTML content. Mario discovered that the whitelist was too permissive and a malicious site could manipulate content to bypass CSP protections, allowing for possible cross-site scripting (XSS) attacks.