Описание
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 42.0+build2-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [42.0+build2-0ubuntu0.14.04.1]] |
| precise | released | 42.0+build2-0ubuntu0.12.04.1 |
| trusty | released | 42.0+build2-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [42.0+build2-0ubuntu0.14.04.1] |
| upstream | released | 42.0 |
| vivid | released | 42.0+build2-0ubuntu0.15.04.1 |
| wily | released | 42.0+build2-0ubuntu0.15.10.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1:38.4.0+build3-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1:38.4.0+build3-0ubuntu0.14.04.1]] |
| precise | released | 1:38.4.0+build3-0ubuntu0.12.04.1 |
| trusty | released | 1:38.4.0+build3-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1:38.4.0+build3-0ubuntu0.14.04.1] |
| upstream | released | 38.4.0 |
| vivid | released | 1:38.4.0+build3-0ubuntu0.15.04.1 |
| wily | released | 1:38.4.0+build3-0ubuntu0.15.10.1 |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperl ...
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти существующие ограничения доступа
EPSS
5 Medium
CVSS2