The fetch API implementation in Mozilla Firefox prior to 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote malicious users to bypass the Same Origin Policy via a crafted web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |