Mozilla » Firefox » 2.0.0.18 : Security Vulnerabilities, CVEs, Published In 2015 (Bypass)

cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*

CVE-2015-7184

The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Max CVSS
6.8
EPSS Score
1.09%
Published
2015-10-18
Updated
2016-12-24

CVE-2015-0820

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.
Max CVSS
2.6
EPSS Score
0.39%
Published
2015-02-25
Updated
2018-10-30
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close