CVE-2015-7207

CVSS v2.0 5 (Medium)

EPSS 0.54 % (78^th)

Affected Products 4

Advisories 3

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Related CVEs

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-12-16 11:59:06
(8 years ago)
Updated Date: 2018-10-30 16:27:35
(5 years ago)

Affected Products

Fedoraproject

Fedora

Mozilla

Firefox

Opensuse

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 42.0 and prior versions	cpe:2.3:a:mozilla:firefox		<= 42.0

Configuration #2

		CPE23	From	Up To
	Opensuse Leap 42.1	cpe:2.3:o:opensuse:leap:42.1
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1
	Opensuse 13.2	cpe:2.3:o:opensuse:opensuse:13.2

Configuration #3

		CPE23	From	Up To
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1

Configuration #4

		CPE23	From	Up To
	Fedoraproject Fedora 22	cpe:2.3:o:fedoraproject:fedora:22
	Fedoraproject Fedora 23	cpe:2.3:o:fedoraproject:fedora:23