Back to search
CVE-2015-7207
Published: Dec 16, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
openSUSE-SU-2016:0894
vendor-advisory
x_refsource_SUSE
GLSA-201512-10
vendor-advisory
x_refsource_GENTOO
openSUSE-SU-2015:2353
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2016:0876
vendor-advisory
x_refsource_SUSE
https://bugzilla.mozilla.org/show_bug.cgi?id=1185256
x_refsource_CONFIRM
https://github.com/w3c/resource-timing/issues/29
x_refsource_MISC
openSUSE-SU-2016:0308
vendor-advisory
x_refsource_SUSE
FEDORA-2015-7ab3d3afcf
vendor-advisory
x_refsource_FEDORA
USN-2833-1
vendor-advisory
x_refsource_UBUNTU
79280
vdb-entry
x_refsource_BID
openSUSE-SU-2016:0307
vendor-advisory
x_refsource_SUSE
http://www.mozilla.org/security/announce/2015/mfsa2015-136.html
x_refsource_CONFIRM
FEDORA-2015-51b1105902
vendor-advisory
x_refsource_FEDORA
1034426
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now