[FREEBSD:172B22CB-D3F6-11E5-AC9E-485D605F4717] firefox -- Same-origin-policy violation using Service Workers with plugins
Severity
High
Affected Packages
2
CVEs
1
The Mozilla Foundation reports:
MFSA 2016-13 Jason Pang of OneSignal reported that service workers intercept
responses to plugin network requests made through the browser. Plugins which
make security decisions based on the content of network requests can have these
decisions subverted if a service worker forges responses to those requests. For
example, a forged crossdomain.xml could allow a malicious site to violate the
same-origin policy using the Flash plugin.
| Package | Affected Version |
|---|---|
 pkg:freebsd/linux-firefox
|
< 44.0.2,1 |
|
pkg:freebsd/firefox
|
< 44.0.2,1 |
- ID
- FREEBSD:172B22CB-D3F6-11E5-AC9E-485D605F4717
- Severity
- high
- Severity from
- CVE-2016-1949
- URL
- http://vuxml.freebsd.org/freebsd/172b22cb-d3f6-11e5-ac9e-485d605f4717.html
- Published
-
2016-02-11T00:00:00
(8 years ago) - Modified
-
2016-02-15T00:00:00
(8 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
GLSA-201605-06
USN-2893-1| Source | # ID | Name | URL |
|---|---|---|---|
| FreeBSD VuXML |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:freebsd/linux-firefox |
linux-firefox
|
< 44.0.2,1 | ||||
| Affected | pkg:freebsd/firefox |
firefox
|
< 44.0.2,1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |