Firefox < 44.0.2 Service Workers Security Bypass
Medium Nessus Plugin ID 88754
SynopsisThe remote Windows host contains a web browser that is affected by a security bypass vulnerability.
DescriptionThe version of Mozilla Firefox installed on the remote Windows host is prior to 44.0.2. It is, therefore, affected by a security bypass vulnerability due to improper restriction of interaction between service workers and plugins. An unauthenticated, remote attacker can exploit this, via a crafted web site that triggers spoofed responses to requests that use NPAPI, to bypass the same-origin policy.
SolutionUpgrade to Mozilla Firefox version 44.0.2 or later.