CVE-2015-0818 — Improperly Implemented Security Check for Standard in Mozilla Firefox

CWE-264 CWE-358 — Improperly Implemented Security Check for Standard9 documents7 sources

Severity

7.5HIGHNVD

EPSS

2.1%

top 15.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Firefox ESR

Timeline

PublishedMar 24

Latest updateMay 17

Description

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶Ubuntumozilla/firefox< 36.0.4+build1-0ubuntu0.14.04.1

▶NVDmozilla/firefox36.0.3+6

▶NVDmozilla/firefox_esr5 versions+4

▶NVDmozilla/seamonkey2.33.0

🔴Vulnerability Details

GHSA

GHSA-rr7h-5qv5-g84f: Mozilla Firefox before 36↗2022-05-17

▶

CVEList

CVE-2015-0818: Mozilla Firefox before 36↗2015-03-24

▶

OSV

CVE-2015-0818: Mozilla Firefox before 36↗2015-03-22

▶

OSV

firefox vulnerabilities↗2015-03-22

▶

📋Vendor Advisories

Red Hat

Mozilla: Same-origin bypass through anchor navigation (MFSA 2015-40)↗2015-03-31

▶

Ubuntu

Firefox vulnerabilities↗2015-03-22

▶

Red Hat

Mozilla: Privilege escalation through SVG navigation (MFSA 2015-28)↗2015-03-21

▶

💬Community

Bugzilla

CVE-2015-0818 Mozilla: Privilege escalation through SVG navigation (MFSA 2015-28)↗2015-03-21

▶