Detections
Analytics

CVE-2015-0801

high

Description

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

References

https://security.gentoo.org/glsa/201512-10

https://bugzilla.mozilla.org/show_bug.cgi?id=1146339

http://www.ubuntu.com/usn/USN-2552-1

http://www.ubuntu.com/usn/USN-2550-1

http://www.securitytracker.com/id/1032000

http://www.securitytracker.com/id/1031996

http://www.securityfocus.com/bid/73455

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.mozilla.org/security/announce/2015/mfsa2015-40.html

http://www.debian.org/security/2015/dsa-3212

http://www.debian.org/security/2015/dsa-3211

http://rhn.redhat.com/errata/RHSA-2015-0771.html

http://rhn.redhat.com/errata/RHSA-2015-0766.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

Details

Source: Mitre, NVD

Published: 2015-04-01

Updated: 2017-01-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High