Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2015-0802
Last Modified 03 Jun 2015 10:02:28
Published 01 Apr 2015 06:59:03
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0802

Summary

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

Vulnerable Systems

Application

  • Mozilla Firefox 36.0.4


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=1124898

CONFIRM - http://www.mozilla.org/security/announce/2015/mfsa2015-42.html

UBUNTU - USN-2550-1

SECTRACK - 1031996

SUSE - openSUSE-SU-2015:0677

Related Patches

Mozilla Firefox 37.0 for Mac OS X (See Notes)


Last Updated: 27 May 2016 11:08:54