Описание
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 43.0+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [43.0+build1-0ubuntu0.14.04.1]] |
| precise | released | 43.0+build1-0ubuntu0.12.04.1 |
| trusty | released | 43.0+build1-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [43.0+build1-0ubuntu0.14.04.1] |
| upstream | released | 43.0 |
| vivid | released | 43.0+build1-0ubuntu0.15.04.1 |
| wily | released | 43.0+build1-0ubuntu0.15.10.1 |
Показывать по
5 Medium
CVSS2
Связанные уязвимости
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
The importScripts function in the Web Workers API implementation in Mo ...
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
Уязвимость браузера Firefox, позволяющая нарушителю обойти существующую политику ограничения доступа и привести к раскрытию информации
5 Medium
CVSS2