CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.mozilla.org/security/announce/2015/mfsa2015-40.html	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1146339
http://www.ubuntu.com/usn/USN-2552-1
http://rhn.redhat.com/errata/RHSA-2015-0771.html
http://www.ubuntu.com/usn/USN-2550-1
http://www.securitytracker.com/id/1032000
http://www.debian.org/security/2015/dsa-3211
http://rhn.redhat.com/errata/RHSA-2015-0766.html
http://www.securitytracker.com/id/1031996
http://www.debian.org/security/2015/dsa-3212
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
https://security.gentoo.org/glsa/201512-10
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://www.securityfocus.com/bid/73455
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox_esr:31.2:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.3:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5.1:::::::*
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:firefox_esr:31.3.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.4:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.1.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5.2:::::::*
	cpe:2.3:a:mozilla:thunderbird::::::::

Information

Published : 2015-04-01 10:59

Updated : 2017-01-03 02:59

NVD link : CVE-2015-0801

Mitre link : CVE-2015-0801

JSON object : View

Products Affected

mozilla

firefox_esr
thunderbird
firefox

CWE

CWE-264

Permissions, Privileges, and Access Controls

7.5 /10