The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
2015-12-16T11:59:13.540
2025-04-12T10:46:40.837
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | fedoraproject | fedora | 22 | Yes |
Operating System | fedoraproject | fedora | 23 | Yes |
Operating System | opensuse | leap | 42.1 | Yes |
Operating System | opensuse | opensuse | 13.1 | Yes |
Operating System | opensuse | opensuse | 13.2 | Yes |
Application | mozilla | firefox | ≤ 42.0 | Yes |