Lucene search
Mozilla FoundationMFSA2015-132HistoryNov 03, 2015 - 12:00 a.m.
Mixed content WebSocket policy bypass through workers — Mozilla
2015-11-0300:00:00
Mozilla Foundation
www.mozilla.org
33
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.009 Low
EPSS
Percentile
82.5%
Mozilla developer Ehsan Akhgari reported a mechanism through which a web worker could be used to bypass secure requirements for WebSockets when workers are used to create WebSockets. This allows for the bypassing of mixed content WebSocket policy.
Affected configurations
Node
mozillafirefoxRange<42
ORmozillafirefox_esrRange<38.4
ORmozillathunderbirdRange<38.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| firefox | lt | 42 | |
| firefox esr | lt | 38.4 | |
| thunderbird | lt | 38.4 |
Related
cve
cve
CVE-2015-7197
2015-11-05 05:59:21
cvelist
cvelist
CVE-2015-7197
2015-11-05 02:00:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-132) - Linux
2021-11-11 00:00:00
CentOS Update for thunderbird CESA-2015:2519 centos6
2015-12-11 00:00:00
Mageia: Security Advisory (MGASA-2015-0462)
2015-12-02 00:00:00
ubuntucve
ubuntucve
CVE-2015-7197
2015-11-04 00:00:00
nvd
nvd
CVE-2015-7197
2015-11-05 05:59:21
prion
prion
Code injection
2015-11-05 05:59:00
nessus
nessus
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20151126)
2015-11-30 00:00:00
Oracle Linux 6 / 7 : thunderbird (ELSA-2015-2519)
2015-11-30 00:00:00
RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:2519)
2015-11-30 00:00:00
redhat
redhat
(RHSA-2015:2519) Important: thunderbird security update
2015-11-26 00:00:00
(RHSA-2015:1982) Critical: firefox security update
2015-11-04 00:00:00
mageia
mageia
Updated thunderbird packages fix security vulnerability
2015-11-28 02:11:20
Updated firefox, nspr, nss packages fix security vulnerability
2015-11-04 21:03:05
Updated iceape packages fix security vulnerabilities
2015-11-17 00:36:58
oraclelinux
oraclelinux
thunderbird security update
2015-11-27 00:00:00
firefox security update
2015-11-04 00:00:00
centos
centos
thunderbird security update
2015-11-27 06:41:12
firefox security update
2015-11-04 15:58:03
veracode
veracode
Buffer Overflow
2019-05-02 05:43:39
Arbitrary Code Execution
2019-05-02 05:43:39
Authentication Bypass
2019-05-02 05:43:38
ubuntu
ubuntu
Thunderbird vulnerabilities
2015-12-01 00:00:00
Firefox vulnerabilities
2015-11-04 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-11-12 20:10:40
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-11-06 17:11:17
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)
2015-11-12 17:11:49
debian
debian
[SECURITY] [DSA 3393-1] iceweasel security update
2015-11-04 18:42:15
[SECURITY] [DSA 3410-1] icedove security update
2015-12-01 22:21:29
archlinux
archlinux
firefox: multiple issues
2015-11-04 00:00:00
kaspersky
kaspersky
KLA10689 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-11-03 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-11-03 00:00:00
ibm
ibm
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-12-30 00:00:00
5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.009 Low
EPSS
Percentile
82.5%
Related for MFSA2015-132