Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox 安全漏洞
Vulnerability Description
Mozilla Firefox是美国Mozilla基金会开发的一款开源Web浏览器。 Mozilla Firefox 41.0.2之前版本的fetch API实现过程中存在安全漏洞,该漏洞源于在程序提供了用户证书但未使用正确的CORS cross-origin请求算法情况下,没有正确限制访问HTTP响应体。远程攻击者可借助特制的Web站点利用该漏洞绕过同源策略。
CVSS Information
N/A
Vulnerability Type
N/A