Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201510-10 ========================================= Severity: High Date : 2015-10-16 CVE-ID : CVE-2015-7184 Package : firefox Type : cross-origin restriction bypass Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package firefox before version 41.0.2-1 is vulnerable to cross-origin restriction bypass. Resolution ========= Upgrade to 41.0.2-1. # pacman -Syu "firefox>=41.0.2-1" The problem has been fixed upstream in version 41.0.2. Workaround ========= None. Description ========== Security researcher Abdulrahman Alqabandi reported that the fetch() API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue. Impact ===== A remote attacker can bypass the cross-origin resource sharing policy to access sensitive information. References ========= https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ https://www.cve.org/CVERecord?id=CVE-2015-7184