1
Candidate: CVE-2015-7184
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7184
5
https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/
7
The fetch API implementation in Mozilla Firefox before 41.0.2 does not
8
restrict access to the HTTP response body in certain situations where user
9
credentials are supplied but the CORS cross-origin request algorithm is
10
improperly followed, which allows remote attackers to bypass the Same
11
Origin Policy via a crafted web site.
17
Assigned-to: chrisccoulson
20
upstream_firefox: released (41.0.2)
21
precise_firefox: released (41.0.2+build2-0ubuntu0.12.04.1)
22
trusty_firefox: released (41.0.2+build2-0ubuntu0.14.04.1)
23
vivid_firefox: released (41.0.2+build2-0ubuntu0.15.04.1)
24
devel_firefox: released (41.0.2+build2-0ubuntu1)