Firefox < 41.0.2 'fetch' API Cross-Origin Bypass
Medium Nessus Plugin ID 86418
SynopsisThe remote Windows host contains a web browser that is affected by a cross-origin restriction bypass vulnerability.
DescriptionThe version of Firefox installed on the remote Windows host is prior to 41.0.2. It is, therefore, affected by a cross-origin restriction bypass vulnerability in the fetch() API due to an incorrect implementation of the Cross-Origin Resource Sharing (CORS) specification. A remote attacker can exploit this, via a malicious website, to access private data from other origins.
SolutionUpgrade to Firefox 41.0.2 or later.