CVE-2015-0821 — Improper Input Validation in Mozilla Firefox

CWE-264 CWE-20 — Improper Input Validation16 documents6 sources

Severity

6.8MEDIUMNVD

OSV4.6OSV4.3

EPSS

1.3%

top 19.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Canonical Ubuntu Linux Opensuse

Timeline

PublishedFeb 25

Latest updateMay 17

Description

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶Ubuntumozilla/firefox< 36.0+build2-0ubuntu0.14.04.4+2

▶NVDmozilla/firefox35.0.1+215

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Ubuntu Linux 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-xq4h-hmq6-ghrv: Mozilla Firefox 38↗2022-05-17

▶

GHSA

GHSA-56ff-h3hc-fjfw: Mozilla Firefox before 36↗2022-05-14

▶

OSV

linux-lts-wily vulnerabilities↗2016-05-09

▶

OSV

CVE-2015-2727: Mozilla Firefox 38↗2015-07-05

▶

OSV

firefox regression↗2015-03-09

▶

📋Vendor Advisories

Red Hat

kernel: Too big poison pointer space↗2015-09-10

▶

Red Hat

Mozilla: Local files or privileged URLs in pages can be opened into new tabs (MFSA 2015-60)↗2015-07-02

▶

Ubuntu

Firefox regression↗2015-03-09

▶

Ubuntu

Firefox vulnerabilities↗2015-02-25

▶

Red Hat

Mozilla: Local files or privileged URLs in pages can be opened into new tabs (MFSA 2015-25)↗2015-02-24

▶

💬Community

Bugzilla

CVE-2016-0821 kernel: Too big poison pointer space↗2016-03-14

▶

Bugzilla

CVE-2015-0821 Mozilla: Local files or privileged URLs in pages can be opened into new tabs (MFSA 2015-25)↗2015-02-24

▶