Vulnerabilities

CVE-2015-7193

by Fred · 04/11/2015

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.

Date published : 2015-11-04

http://www.securityfocus.com/bid/77411

http://www.mozilla.org/security/announce/2015/mfsa2015-127.html

Similar

Tags: Cybersecurity Alert