CVE-2015-7197 — Mozilla Firefox vulnerability

CWE-2649 documents6 sources

Severity

5.0MEDIUMNVD

OSV7.5

EPSS

1.8%

top 17.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedNov 5

Latest updateMay 17

Description

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Ubuntumozilla/firefox< 42.0+build2-0ubuntu0.14.04.1

▶NVDmozilla/firefox41.0.2+8

▶Ubuntumozilla/thunderbird< 1:38.4.0+build3-0ubuntu0.14.04.1

🔴Vulnerability Details

GHSA

GHSA-q979-jwj6-64wj: Mozilla Firefox before 42↗2022-05-17

▶

OSV

thunderbird vulnerabilities↗2015-12-01

▶

OSV

firefox vulnerabilities↗2015-11-04

▶

OSV

CVE-2015-7197: Mozilla Firefox before 42↗2015-11-04

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2015-12-01

▶

Red Hat

Mozilla: Mixed content WebSocket policy bypass through workers (MFSA 2015-132)↗2015-11-04

▶

Ubuntu

Firefox vulnerabilities↗2015-11-04

▶

💬Community

Bugzilla

CVE-2015-7197 Mozilla: Mixed content WebSocket policy bypass through workers (MFSA 2015-132)↗2015-11-03

▶