Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0818

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-0818
Last Modified 13 May 2015 10:03:11
Published 23 Mar 2015 08:59:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0818

Summary

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

Vulnerable Systems

Application

  • Mozilla Firefox 36.0.3

  • Mozilla Firefox Esr 31.0

  • Mozilla Firefox Esr 31.1

  • Mozilla Firefox Esr 31.1.0

  • Mozilla Firefox Esr 31.1.1

  • Mozilla Firefox Esr 31.2

  • Mozilla Firefox Esr 31.3

  • Mozilla Firefox Esr 31.3.0

  • Mozilla Firefox Esr 31.4

  • Mozilla Firefox Esr 31.5

  • Mozilla Firefox Esr 31.5.1

  • Mozilla Firefox Esr 31.5.2

  • Mozilla Seamonkey 2.33.0


References

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=1144988

CONFIRM - http://www.mozilla.org/security/announce/2015/mfsa2015-28.html

UBUNTU - USN-2538-1

SECTRACK - 1031959

DEBIAN - DSA-3201

REDHAT - RHSA-2015:0718

SUSE - openSUSE-SU-2015:0567

SUSE - SUSE-SU-2015:0593

SUSE - openSUSE-SU-2015:0636

SUSE - SUSE-SU-2015:0630

BID - 73265

Related Patches

Mozilla Firefox 36.0.4 for Mac OS X (See Notes)

Mozilla Firefox 31.5.3 ESR for Mac OS X (See Notes)


Last Updated: 27 May 2016 11:08:17