Cross-origin restriction bypass using Fetch?

[Monti]

Hi,

I did a # pkg audit and got this:

# pkg audit
firefox-41.0,1 is vulnerable:
firefox -- Cross-origin restriction bypass using Fetch
CVE: CVE-2015-7184
WWW: https://vuxml.FreeBSD.org/freebsd/79c68ef7-c8ae-4ade-91b4-4b8221b7c72a.html

1 problem(s) in the installed packages found.

I'm not sure what this means. Could someone please explain it to me? More specifically I am thinking about the meaning of "Cross-origin restriction bypass using Fetch" in relation to the Firefox version.

Thanks

 

[chrbr]

Please see https://www.mozilla.org/en-US/security/advisories/ for details. In my opinion it is difficult to find starting from the main page. If pkg audit reports something it is a good idea to update. If it is done via ports it is a good idea to check /usr/ports/UPDATING first if the update(s) requires special attention.

 

[tobik@]

Follow the link given by pkg: https://vuxml.FreeBSD.org/freebsd/79c68ef7-c8ae-4ade-91b4-4b8221b7c72a.html
There is more info there and a link to the Security Advisory.

 

[junovitch@]

See also: https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

 

[Monti]

Thanks a lot guys for the info and clarification! I really appreciate the help I'm getting here on this forum. It's very kind

Monti