Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 41.0.2 (including) |