Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2016-02-13T02:00:00
Updated: 2016-12-02T20:57:01
Reserved: 2016-01-20T00:00:00
Link: CVE-2016-1949
JSON object: View
NVD Information
Status : Modified
Published: 2016-02-13T02:59:12.977
Modified: 2016-12-06T03:07:54.350
Link: CVE-2016-1949
JSON object: View
Redhat Information
No data.
CWE