Unrated severityNVD Advisory· Published Dec 16, 2015· Updated Jun 17, 2026
CVE-2015-7215
CVE-2015-7215
Description
The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the fetch API to attempt resource access that throws an exception, leading to information disclosure after a rethrow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=42.0
- (no CPE)range: <43.0
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
Patches
Vulnerability mechanics
References
14- www.mozilla.org/security/announce/2015/mfsa2015-140.htmlnvdVendor Advisory
- www.w3.org/Bugs/Public/show_bug.cginvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-12/msg00104.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-02/msg00007.htmlnvd
- lists.opensuse.org/opensuse-updates/2016-02/msg00008.htmlnvd
- www.securityfocus.com/bid/79280nvd
- www.securitytracker.com/id/1034426nvd
- www.ubuntu.com/usn/USN-2833-1nvd
- bugzilla.mozilla.org/show_bug.cginvd
- github.com/whatwg/html/issues/164nvd
- github.com/whatwg/html/pull/166nvd
- security.gentoo.org/glsa/201512-10nvd
News mentions
0No linked articles in our index yet.