# Cross-origin restriction bypass using Fetch?



## Monti (Oct 30, 2015)

Hi,

I did a `# pkg audit` and got this:

```
# pkg audit
firefox-41.0,1 is vulnerable:
firefox -- Cross-origin restriction bypass using Fetch
CVE: CVE-2015-7184
WWW: https://vuxml.FreeBSD.org/freebsd/79c68ef7-c8ae-4ade-91b4-4b8221b7c72a.html

1 problem(s) in the installed packages found.
```

I'm not sure what this means. Could someone please explain it to me? More specifically I am thinking about the meaning of "Cross-origin restriction bypass using Fetch" in relation to the Firefox version.

Thanks


----------



## chrbr (Oct 30, 2015)

Please see https://www.mozilla.org/en-US/security/advisories/ for details. In my opinion it is difficult to find starting from the main page. If `pkg audit` reports something it is a good idea to update. If it is done via ports it is a good idea to check /usr/ports/UPDATING first if the update(s) requires special attention.


----------



## tobik@ (Oct 30, 2015)

Follow the link given by pkg: https://vuxml.FreeBSD.org/freebsd/79c68ef7-c8ae-4ade-91b4-4b8221b7c72a.html
There is more info there and a link to the Security Advisory.


----------



## junovitch@ (Oct 31, 2015)

See also: https://en.wikipedia.org/wiki/Cross-origin_resource_sharing


----------



## Monti (Oct 31, 2015)

Thanks a lot guys for the info and clarification! I really appreciate the help I'm getting here on this forum. It's very kind 

Monti


----------

