CVE-2015-0820 — Improper Access Control in Mozilla Firefox

CWE-284 — Improper Access Control7 documents4 sources

Severity

2.6LOWNVD

OSV4.3

EPSS

0.3%

top 43.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Canonical Ubuntu Linux Opensuse

Timeline

PublishedFeb 25

Latest updateMay 14

Description

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶Ubuntumozilla/firefox< 36.0+build2-0ubuntu0.14.04.4+1

▶NVDmozilla/firefox35.0.1+214

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Ubuntu Linux 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-hqqw-w569-86hm: Mozilla Firefox before 36↗2022-05-14

▶

OSV

firefox regression↗2015-03-09

▶

OSV

firefox vulnerabilities↗2015-02-25

▶

OSV

CVE-2015-0820: Mozilla Firefox before 36↗2015-02-25

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2015-03-09

▶

Ubuntu

Firefox vulnerabilities↗2015-02-25

▶