NuytsTech Security

CVE-2015-7197

by ·

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.

Date published : 2015-11-04

http://www.securityfocus.com/bid/77411

http://www.mozilla.org/security/announce/2015/mfsa2015-132.html

Tags: