CVE-2015-7193
CVSS v2.0
7.5 (High)
EPSS
2.69 % (91th)
Affected Products
2
Advisories
13
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.
Weaknesses
- CWE-254
- 7PK - Security Features
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2015-11-05 05:59:17
(8 years ago) - Updated Date
-
2016-12-07 18:23:11
(7 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...