CVE-2015-0801 — Improperly Implemented Security Check for Standard in Mozilla Firefox

CWE-264 CWE-358 — Improperly Implemented Security Check for Standard9 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.2%

top 21.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird Mozilla Firefox ESR

Timeline

PublishedApr 1

Latest updateMay 17

Description

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

▶Ubuntumozilla/firefox< 37.0+build2-0ubuntu0.14.04.1

▶NVDmozilla/firefox31.5.3+7

▶NVDmozilla/firefox_esr5 versions+4

▶Ubuntumozilla/thunderbird< 1:31.6.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/thunderbird31.5

🔴Vulnerability Details

GHSA

GHSA-q4j2-qr5x-493m: Mozilla Firefox before 37↗2022-05-17

▶

OSV

thunderbird vulnerabilities↗2015-04-02

▶

OSV

CVE-2015-0801: Mozilla Firefox before 37↗2015-04-01

▶

OSV

firefox vulnerabilities↗2015-04-01

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2015-04-02

▶

Ubuntu

Firefox vulnerabilities↗2015-04-01

▶

Red Hat

Mozilla: Same-origin bypass through anchor navigation (MFSA 2015-40)↗2015-03-31

▶

💬Community

Bugzilla

CVE-2015-0801 Mozilla: Same-origin bypass through anchor navigation (MFSA 2015-40)↗2015-03-30

▶