Search for vulnerabilities
| Vulnerability ID | VCID-age6-jr9v-2qcq |
| Aliases |
CVE-2015-7197
|
| Summary | Mozilla developer Ehsan Akhgari reported a mechanism through which a web worker could be used to bypass secure requirements for WebSockets when workers are used to create WebSockets. This allows for the bypassing of mixed content WebSocket policy. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 0.0 |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| Reference id | Reference type | URL |
|---|---|---|
| https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7197.json | ||
| https://api.first.org/data/v1/epss?cve=CVE-2015-7197 | ||
| 1277351 | https://bugzilla.redhat.com/show_bug.cgi?id=1277351 | |
| CVE-2015-7197 | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197 | |
| mfsa2015-132 | https://www.mozilla.org/en-US/security/advisories/mfsa2015-132 | |
| RHSA-2015:1982 | https://access.redhat.com/errata/RHSA-2015:1982 | |
| RHSA-2015:2519 | https://access.redhat.com/errata/RHSA-2015:2519 | |
| USN-2785-1 | https://usn.ubuntu.com/2785-1/ | |
| USN-2819-1 | https://usn.ubuntu.com/2819-1/ |
| Percentile | 0.7193 |
| EPSS Score | 0.00739 |
| Published At | July 30, 2025, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2025-07-31T08:10:53.868209+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2015/mfsa2015-132.md | 37.0.0 |