CVE-2015-7193 (retired)

Priority
Description
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly
follow the CORS cross-origin request algorithm for the POST method in
situations involving an unspecified Content-Type header manipulation, which
allows remote attackers to bypass the Same Origin Policy by leveraging the
lack of a preflight-request step.
Assigned-to
chrisccoulson
Package
Upstream:released (42.0)
Ubuntu 16.04 LTS (Xenial Xerus):released (42.0+build2-0ubuntu1)
Package
Priority: Low
Upstream:released (38.4.0)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:38.4.0+build3-0ubuntu1)
More Information

Updated: 2019-08-23 09:07:41 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)