CVE-2015-7207 Information

Feb 14, 2021 cve

Description

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls a related issue to CVE-2015-1300.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html http://www.mozilla.org/security/announce/2015/mfsa2015-136.html http://www.securityfocus.com/bid/79280 http://www.securitytracker.com/id/1034426 http://www.ubuntu.com/usn/USN-2833-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1185256 https://github.com/w3c/resource-timing/issues/29 https://security.gentoo.org/glsa/201512-10

Share on: