CVE-2015-0818
Summary
| CVE | CVE-2015-0818 |
|---|---|
| State | PUBLISHED |
| Assigner | mozilla |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-03-24 00:59:07 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Firefox | 31.0 | All | All | All |
| Application | Mozilla | Firefox | 31.1.0 | All | All | All |
| Application | Mozilla | Firefox | 31.1.1 | All | All | All |
| Application | Mozilla | Firefox | 31.3.0 | All | All | All |
| Application | Mozilla | Firefox | 31.5.1 | All | All | All |
| Application | Mozilla | Firefox | 31.5.2 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox ESR | 31.1 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.2 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.3 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.4 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.5 | All | All | All |
| Application | Mozilla | SeaMonkey | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| Oracle Solaris Third Party Bulletin - April 2015 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| Gentoo Security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | |
| openSUSE-SU-2015:0636-1: important: Security update for seamonkey | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| [security-announce] SUSE-SU-2015:0593-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Access Denied | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | |
| [security-announce] SUSE-SU-2015:0630-1: important: Security update for | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| [security-announce] openSUSE-SU-2015:0567-1: important: update to Firefo | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Privilege escalation through SVG navigation — Mozilla | af854a3a-2127-422b-91ae-364da2661108 | www.mozilla.org | Vendor Advisory |
| Debian -- Security Information -- DSA-3201-1 iceweasel | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Mozilla Firefox SVG Processing Flaw Lets Remote Users Bypass Same-Origin Policy and Execute Arbitrary Scripts with Elevated Privileges - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| USN-2538-1: Firefox vulnerabilities \| Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| Mozilla Firefox/SeaMonkey CVE-2015-0818 Privilege Escalation Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.