CVE-2015-7184
Description
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Risk Information
Base Score: 8.1 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score (Exploitation Probability): 0.243
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Mozilla Firefox (x64) 41.0.1 | Windows |
| Multiple vulnerabilities affected in Mozilla_Firefox 41.0.1 | Windows |
| Vulnerabilities CVE-2015-7184 are fixed in Update for Mozilla Firefox For Mac (41.0.2) | Mac |
| Vulnerabilities CVE-2015-7184 are fixed in Mozilla Firefox For Mac (141.0.2) | Mac |
| Vulnerabilities CVE-2015-7184,CVE-2015-7204 are affected in Mozilla Firefox for Mac 41.0.1 | Mac |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-343016 | Mozilla Firefox (x64) (132.0.2) |
| PATCH-343015 | Mozilla Firefox (132.0.2) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |