Описание
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 44.0.2+build1-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [44.0.2+build1-0ubuntu0.14.04.1]] |
| precise | released | 44.0.2+build1-0ubuntu0.12.04.1 |
| trusty | released | 44.0.2+build1-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [44.0.2+build1-0ubuntu0.14.04.1] |
| upstream | released | 44.0.2 |
| vivid | ignored | end of life, was needed |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | released | 44.0.2+build1-0ubuntu0.15.10.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise | not-affected | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| vivid | not-affected | |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | not-affected |
Показывать по
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.
Mozilla Firefox before 44.0.2 does not properly restrict the interacti ...
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3