CORS Bypass Vulnerability in Mozilla Firefox

CORS Bypass Vulnerability in Mozilla Firefox

CVE-2015-7193 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step.

Learn more about our Web Application Penetration Testing UK.