
5Hint0

#35118 of 53,624
7.5 Total CVSS
Vulnerabilities · 1
PT-2015-2639
7.5
2015-11-03
Mozilla · Firefox · CVE-2015-7193
**Name of the Vulnerable Software and Affected Versions**

Mozilla Firefox versions prior to 42.0

Firefox ESR versions prior to 38.4

**Description**

The issue is related to the improper handling of the CORS cross-origin request algorithm for the POST method when an unspecified Content-Type header manipulation occurs. This allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. The vulnerability is associated with the incorrect usage of shared resources between different origins, which can be exploited by a remote attacker to bypass existing access restrictions due to the absence of a request checking stage.

**Recommendations**

For Mozilla Firefox versions prior to 42.0, update to version 42.0 or later.

For Firefox ESR versions prior to 38.4, update to version 38.4 or later.