Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-0802: Execution with Unnecessary Privileges in Mozilla Firefox

Severity
5.0 MEDIUM (NVD)
7.5 (OSV)
EPSS
80.4%
top 0.87%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Apr 1
Latest update: May 14

Description

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

Ubuntu: mozilla/firefox < 37.0+build2-0ubuntu0.14.04.1
NVD: mozilla/firefox 36.0.4
NVD: opensuse/opensuse 13.1, 13.2 +1

Also affects: Ubuntu Linux 12.04, 14.04, 14.10

🔴 Vulnerability Details (3)

GHSA
GHSA-gjrg-r3r9-354j: Mozilla Firefox before 37 (2022-05-14)
OSV
CVE-2015-0802: Mozilla Firefox before 37 (2015-04-01)
OSV
firefox vulnerabilities (2015-04-01)

💥 Exploits & PoCs (3)

Exploit-DB
Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit) (2015-08-24)
Metasploit
Firefox Proxy Prototype Privileged Javascript Injection
Metasploit
Firefox PDF.js Privileged Javascript Injection

📋 Vendor Advisories (2)

Ubuntu
Firefox vulnerabilities (2015-04-01)
Red Hat
Mozilla: Windows can retain access to privileged content on navigation to unprivileged pages (MFSA 2015-42) (2015-03-31)

💬 Community (1)

Bugzilla
CVE-2015-0802 Mozilla: Windows can retain access to privileged content on navigation to unprivileged pages (MFSA 2015-42) (2015-03-30)