PT-2015-7474 · Mozilla+3 · Firefox+3
Abdulrahman Alqabandi · Published 2015-10-15 · Updated 2024-12-12
CVE-2015-7184
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 41.0.2
Description
The fetch API implementation in Mozilla Firefox does not properly restrict access to the HTTP response body in certain situations. This occurs when user credentials are supplied but the CORS cross-origin request algorithm is not followed correctly. As a result, remote attackers can bypass the Same Origin Policy via a crafted website.
Recommendations
For versions prior to 41.0.2, update to version 41.0.2 or later to resolve the issue.
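The check the description refers to, as an added example (not Mozilla's code and not part of the original advisory): a simplified version of the Fetch Standard's CORS check, showing when script may read a cross-origin response body for credentialed and uncredentialed requests. The function names and the sample origins are assumptions made for illustration.

```javascript
// Added example: simplified CORS check as defined by the Fetch Standard.
// corsCheck / canExposeBody and all sample values are constructed here.

function header(headers, name) {
  // Header names are case-insensitive; values are compared byte-for-byte.
  const key = Object.keys(headers).find(k => k.toLowerCase() === name);
  return key === undefined ? null : headers[key];
}

function corsCheck(request, headers) {
  const allowOrigin = header(headers, "access-control-allow-origin");
  if (allowOrigin === null) return false;
  const withCreds = request.credentials === "include";
  // The wildcard is honoured only for requests sent without credentials.
  if (!withCreds && allowOrigin === "*") return true;
  if (allowOrigin !== request.origin) return false;
  if (!withCreds) return true;
  // Credentialed requests additionally need an explicit, exact opt-in.
  return header(headers, "access-control-allow-credentials") === "true";
}

function canExposeBody(request, headers) {
  // Same-origin responses are always readable by the caller.
  if (new URL(request.url).origin === request.origin) return true;
  // Cross-origin "no-cors" yields an opaque response: body never readable.
  if (request.mode !== "cors") return false;
  return corsCheck(request, headers);
}

// Constructed sample: a credentialed cross-origin fetch from app.example.
const sample = {
  url: "https://api.example/profile",
  origin: "https://app.example",
  mode: "cors",
  credentials: "include",
};

function sampleResults() {
  return {
    wildcard: canExposeBody(sample, { "Access-Control-Allow-Origin": "*" }),
    noOptIn: canExposeBody(sample, { "Access-Control-Allow-Origin": sample.origin }),
    optIn: canExposeBody(sample, {
      "Access-Control-Allow-Origin": sample.origin,
      "Access-Control-Allow-Credentials": "true",
    }),
  };
}
```

A browser that skips or misapplies any branch of `corsCheck` for a credentialed request hands the page a body the server never agreed to share, which is the Same Origin Policy bypass class this entry describes.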
Exploit
Fix
Improper Access Control
Weakness Enumeration
Related identifiers
Affected products
Alt Linux
Firefox
Suse
Ubuntu