Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-7207

Опубликовано: 16 дек. 2015
Источник: redhat
CVSS2: 4.3

Описание

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.

Отчет

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1291581Mozilla: Same-origin policy violation using perfomance.getEntries and history navigation (MFSA 2015-136)

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-7207

ubuntu
около 10 лет назад

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.

nvd логотип

CVE-2015-7207

nvd
около 10 лет назад

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.

debian логотип

CVE-2015-7207

debian
около 10 лет назад

Mozilla Firefox before 43.0 does not properly restrict the availabilit ...

github логотип

GHSA-5845-x3vj-jgw8

github
больше 3 лет назад

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.

fstec логотип

BDU:2015-12249

fstec
около 10 лет назад

Уязвимость браузера Firefox, позволяющая нарушителю получить конфиденциальную информацию или обойти существующую политику ограничения доступа

4.3 Medium

CVSS2