Published: 05/11/2015 Updated: 07/12/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Mozilla Firefox prior to 42.0 and Firefox ESR 38.x prior to 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote malicious users to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox esr 38.0
mozilla firefox esr 38.0.1
mozilla firefox esr 38.1.1
mozilla firefox esr 38.2.0
mozilla firefox esr 38.2.1
mozilla firefox esr 38.3.0
mozilla firefox esr 38.0.5
mozilla firefox esr 38.1.0
mozilla firefox

Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An updated thunderbird package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 5, 6, and 7Red Hat Product Security has rated this update as having Important securityimpact Comm ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Several security issues were fixed in Thunderbird ...

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service For the oldstable distribution (wheezy), these problems have been fixed in ...

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service For the oldstable distribution (wheezy), these proble ...

Mozilla Foundation Security Advisory 2015-127 CORS preflight is bypassed when non-standard Content-Type headers are received Announced November 3, 2015 Reporter Shinto K Anto Impact High Products Firefox, Firefox ESR, Firefo ...

Mozilla Firefox before 420 and Firefox ESR 38x before 384 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step ...

CWE-254 http://www.mozilla.org/security/announce/2015/mfsa2015-127.html https://bugzilla.mozilla.org/show_bug.cgi?id=1210302 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/77411 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html http://www.debian.org/security/2015/dsa-3410 https://security.gentoo.org/glsa/201512-10 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-2519.html http://www.debian.org/security/2015/dsa-3393 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html http://www.ubuntu.com/usn/USN-2785-1 http://www.ubuntu.com/usn/USN-2819-1 http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1982.html http://www.securitytracker.com/id/1034069 https://access.redhat.com/errata/RHSA-2015:2519 https://usn.ubuntu.com/2785-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-7193

CVE-2015-7193

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect