Mozilla Firefox prior to 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote malicious users to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |