Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти существующие ограничения доступа

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperl ...

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.

ELSA-2015-2519: thunderbird security update (IMPORTANT)

ELSA-2015-1982: firefox security update (CRITICAL)

Security update for MozillaFirefox, mozilla-nspr, mozilla-nss

Security update for MozillaFirefox, mozilla-nspr, mozilla-nss

Security update for MozillaFirefox, mozilla-nspr, mozilla-nss

Security update for MozillaThunderbird

Security update for MozillaFirefox, mozilla-nspr, mozilla-nss, xulrunner, seamonkey