General : Mozilla Firefox Security Advisory (MFSA2015-56)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.2.1.2015.56

Category: General

Title: Mozilla Firefox Security Advisory (MFSA2015-56) - Linux

Summary: This host is missing a security update for Mozilla Firefox.

Description: Summary:
This host is missing a security update for Mozilla Firefox.

Vulnerability Insight:
Untrusted site hosting trusted page can intercept webchannel responses
Mozilla developer Mark Hammond reported a flaw in how
WebChannel.jsm handles message traffic. He found that
when a trusted page is hosted within an on an<br>untrusted third-party untrusted framing page, the untrusted page could intercept webchannel responses meant for the trusted page, bypassing origin restrictions.<br><br>Affected Software/OS:<br>Firefox version(s) below 38.<br><br>Solution:<br>The vendor has released an update. Please see the reference(s) for more information.<br><br>CVSS Score:<br>4.3<br><br>CVSS Vector:<br>AV:N/AC:M/Au:N/C:P/I:N/A:N<br><br></td></tr> <tr><td class=std valign=top>Cross-Ref:</td><td class=std> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2015-2718">Common Vulnerability Exposure (CVE) ID: CVE-2015-2718</a><br> <a href="http://www.securityfocus.com/bid/74611">BugTraq ID: 74611</a><br> <a href="http://www.securityfocus.com/bid/74611">http://www.securityfocus.com/bid/74611</a><br> <a href="https://security.gentoo.org/glsa/201605-06">https://security.gentoo.org/glsa/201605-06</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2015:0934&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2015:0934 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html">http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html</a><br> <a href="http://www.ubuntu.com/usn/USN-2602-1">http://www.ubuntu.com/usn/USN-2602-1</a><br> </td></tr> <tr><td class=std valign=top>Copyright</td><td class=std>Copyright (C) 2021 Greenbone Networks GmbH</td></tr> </table><P><P> <table BORDER=1 cellspacing=0 cellpadding=5 bgcolor=#eeffee><tr><td class=std valign=top>This is only one of <a href="index.html#cate"><b>145615</b> vulnerability tests</a> in our test suite. Find out more about running a <a href='../smysecure/index.html'>complete security audit</a>.<p>To run a free test of this vulnerability against your system, register below.</td></tr></table><P><P> <br> </div> </div> <br> <hr> <P> <center><div class=xsmall>© 1998-2025 E-Soft Inc. All rights reserved.</div></center> <p> <div id=footer><script>oHelpGlobals.state = ""; </script> <div class=hide id=hsqhelptitle></div> <div class=hide id=hsqhelptext><div class=std></div></div> </div></body> </html>

Test ID:	1.3.6.1.4.1.25623.1.2.1.2015.56
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2015-56) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: Untrusted site hosting trusted page can intercept webchannel responses Mozilla developer Mark Hammond reported a flaw in how WebChannel.jsm handles message traffic. He found that when a trusted page is hosted within an on an<br>untrusted third-party untrusted framing page, the untrusted page could intercept webchannel responses meant for the trusted page, bypassing origin restrictions.<br><br>Affected Software/OS:<br>Firefox version(s) below 38.<br><br>Solution:<br>The vendor has released an update. Please see the reference(s) for more information.<br><br>CVSS Score:<br>4.3<br><br>CVSS Vector:<br>AV:N/AC:M/Au:N/C:P/I:N/A:N<br><br></td></tr> <tr><td class=std valign=top>Cross-Ref:</td><td class=std> <a href="/smysecure/catid.html?ctype=cve&id=CVE-2015-2718">Common Vulnerability Exposure (CVE) ID: CVE-2015-2718</a><br> <a href="http://www.securityfocus.com/bid/74611">BugTraq ID: 74611</a><br> <a href="http://www.securityfocus.com/bid/74611">http://www.securityfocus.com/bid/74611</a><br> <a href="https://security.gentoo.org/glsa/201605-06">https://security.gentoo.org/glsa/201605-06</a><br> <a href="http://www.google.com/search?q=openSUSE-SU-2015:0934&ie=UTF-8&oe=UTF-8&hl=en">SuSE Security Announcement: openSUSE-SU-2015:0934 (Google Search)</a><br> <a href="http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html">http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html</a><br> <a href="http://www.ubuntu.com/usn/USN-2602-1">http://www.ubuntu.com/usn/USN-2602-1</a><br> </td></tr> <tr><td class=std valign=top>Copyright</td><td class=std>Copyright (C) 2021 Greenbone Networks GmbH</td></tr> </table><P><P> <table BORDER=1 cellspacing=0 cellpadding=5 bgcolor=#eeffee><tr><td class=std valign=top>This is only one of <a href="index.html#cate"><b>145615</b> vulnerability tests</a> in our test suite. Find out more about running a <a href='../smysecure/index.html'>complete security audit</a>.<p>To run a free test of this vulnerability against your system, register below.</td></tr></table><P><P> <br> </div> </div> <br> <hr> <P> <center><div class=xsmall>© 1998-2025 E-Soft Inc. All rights reserved.</div></center> <p> <div id=footer><script>oHelpGlobals.state = ""; </script> <div class=hide id=hsqhelptitle></div> <div class=hide id=hsqhelptext><div class=std></div></div> </div></body> </html>