6.8

CVE-2015-7184

EPSS 0.24%
Published 18.10.2015 10:59:03
Last modified 12.04.2025 10:46:40
Source security@mozilla.org
Teams watchlist Login
Open Login

The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 41.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.475

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00021.html

http://www.mozilla.org/security/announce/2015/mfsa2015-115.html

Vendor Advisory

http://www.securityfocus.com/bid/77100

http://www.securitytracker.com/id/1033820

http://www.ubuntu.com/usn/USN-2768-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1208339

https://bugzilla.mozilla.org/show_bug.cgi?id=1212669

https://nvd.nist.gov/vuln/detail/CVE-2015-7184

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-7184

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-7184

EUVD