Описание
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
Отчет
This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | firefox | Not affected | ||
Red Hat Enterprise Linux 5 | thunderbird | Not affected | ||
Red Hat Enterprise Linux 6 | firefox | Not affected | ||
Red Hat Enterprise Linux 6 | thunderbird | Not affected | ||
Red Hat Enterprise Linux 7 | firefox | Not affected | ||
Red Hat Enterprise Linux 7 | thunderbird | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
The importScripts function in the Web Workers API implementation in Mo ...
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
Уязвимость браузера Firefox, позволяющая нарушителю обойти существующую политику ограничения доступа и привести к раскрытию информации
EPSS
4.3 Medium
CVSS2