Bugzilla – Bug 950686
VUL-0: CVE-2015-7184: Firefox 41.0.2 out of band release
Last modified: 2020-04-05 18:19:51 UTC
Firefox update upcoming to 41.0.2 containing an out of band security fix.
MFSA 2015-115/CVE-2015-7184 (bmo#1208339, bmo#1212669): Cross-origin restriction bypass using Fetch
public at https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/
Cross-origin restriction bypass using Fetch
Announced: October 15, 2015
Reporter: Abdulrahman Alqabandi
Impact: High
Products: Firefox
Fixed in: Firefox 41.0.2
Description: Security researcher Abdulrahman Alqabandi reported that the fetch() API did not correctly implement the Cross-Origin Resource Sharing (CORS) specification, allowing a malicious page to access private data from other origins. Mozilla developer Ben Kelly independently reported the same issue.
I read from the announcement that this does affect the ESR, so it's an openSUSE issue only.
This is an autogenerated message for OBS integration:
This bug (950686) was mentioned in
https://build.opensuse.org/request/show/339287 Factory / MozillaFirefox
https://build.opensuse.org/request/show/339288 Leap:42.1 / MozillaFirefox
https://build.opensuse.org/request/show/339289 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/339290 13.1 / MozillaFirefox
Releasing for 13.1 and 13.2
openSUSE-SU-2015:1817-1: An update that solves one vulnerability and has one errata is now available.
Category: security (important)
Bug References: 949983,950686
CVE References: CVE-2015-7184
Sources used:
openSUSE 13.2 (src): MozillaFirefox-41.0.2-47.1
openSUSE 13.1 (src): MozillaFirefox-41.0.2-91.1