CVE-2015-4520

Published: Sep 24, 2015Modified: May 6, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.

Affected (8)

Products: Mozilla: Firefox

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Version 38.0.1
Mozilla Firefox	Version 38.0.5
Mozilla Firefox	Version 38.0
Mozilla Firefox	Version 38.1.0
Mozilla Firefox	Version 38.1.1
Mozilla Firefox	Version 38.2.0
Mozilla Firefox	Version 38.2.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 40.0.3

Related CWEs

References (42)

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2015-1834.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2015-1852.html

Source: security@mozilla.org

http://www.debian.org/security/2015/dsa-3365

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2015/mfsa2015-111.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: security@mozilla.org

http://www.securityfocus.com/bid/76816

Source: security@mozilla.org

http://www.securitytracker.com/id/1033640

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2743-1

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2743-2

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2743-3

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2743-4

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2754-1

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1200856

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1200869

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1834.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1852.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3365

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2015/mfsa2015-111.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/76816

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1033640

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2743-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2743-2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2743-3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2743-4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2754-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1200856

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1200869

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.