Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2015-7184

Published: 18/10/2015 Updated: 24/12/2016
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Firefox

Vulnerability Summary

The fetch API implementation in Mozilla Firefox prior to 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote malicious users to bypass the Same Origin Policy via a crafted web site.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

Vendor Advisories

Ubuntu Security Notice: firefox vulnerability
Firefox could be made to expose sensitive information across origins ...
Mozilla: Cross-origin restriction bypass using Fetch
Mozilla Foundation Security Advisory 2015-115 Cross-origin restriction bypass using Fetch Announced October 15, 2015 Reporter Abdulrahman Alqabandi Impact High Products Firefox Fixed in ...
Red Hat: CVE-2015-7184
The fetch API implementation in Mozilla Firefox before 4102 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site ...

References

CWE-284https://bugzilla.mozilla.org/show_bug.cgi?id=1212669http://www.mozilla.org/security/announce/2015/mfsa2015-115.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1208339http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.securityfocus.com/bid/77100http://www.securitytracker.com/id/1033820http://www.ubuntu.com/usn/USN-2768-1http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00021.htmlhttps://usn.ubuntu.com/2768-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-7184
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook