CVE-2015-8510

MEDIUM

Mozilla Firefox OS <2.5 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking.

References (2)

[Issue Tracking] https://bugzilla.mozilla.org/show_bug.cgi?id=1190038

[Vendor Advisory] http://www.mozilla.org/security/announce/2015/mfsa2015-153.html

Scores

CVSS v3 6.1

EPSS 0.0030

EPSS Percentile 53.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (1)

mozilla/firefox_os < 2.2

Timeline

Published Jan 09, 2016

Tracked Since Feb 18, 2026