Описание
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 41.0+build3-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [41.0+build3-0ubuntu0.14.04.1]] |
| precise | released | 41.0+build3-0ubuntu0.12.04.1 |
| trusty | released | 41.0+build3-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [41.0+build3-0ubuntu0.14.04.1] |
| upstream | released | 41.0 |
| vivid | released | 41.0+build3-0ubuntu0.15.04.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:38.3.0+build1-0ubuntu2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:38.3.0+build1-0ubuntu0.14.04.1]] |
| precise | released | 1:38.3.0+build1-0ubuntu0.12.04.1 |
| trusty | released | 1:38.3.0+build1-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1:38.3.0+build1-0ubuntu0.14.04.1] |
| upstream | released | 38.3.0 |
| vivid | released | 1:38.3.0+build1-0ubuntu0.15.04.1 |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow rem ...
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.
Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти механизм защиты CORS
EPSS
6.4 Medium
CVSS2