Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Information
Published : 2015-11-04 21:59
Updated : 2016-12-07 10:23
NVD link : CVE-2015-7197
Mitre link : CVE-2015-7197
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
mozilla
- firefox
- firefox_esr