CVE-2015-0818
Summary
| CVE | CVE-2015-0818 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-03-24 00:59:00 UTC |
| Updated | 2016-12-22 02:59:00 UTC |
| Description | Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Firefox ESR | 31.0 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.1 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.1.0 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.1.1 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.2 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.3 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.3.0 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.4 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.5 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.5.1 | All | All | All |
| Application | Mozilla | Firefox ESR | 31.5.2 | All | All | All |
| Application | Mozilla | SeaMonkey | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| openSUSE-SU-2015:0636-1: important: Security update for seamonkey | SUSE | lists.opensuse.org | |
| Gentoo Security | GENTOO | security.gentoo.org | |
| USN-2538-1: Firefox vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Debian -- Security Information -- DSA-3201-1 iceweasel | DEBIAN | www.debian.org | |
| Mozilla Firefox SVG Processing Flaw Lets Remote Users Bypass Same-Origin Policy and Execute Arbitrary Scripts with Elevated Privileges - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Privilege escalation through SVG navigation — Mozilla | CONFIRM | www.mozilla.org | Vendor Advisory |
| Mozilla Firefox/SeaMonkey CVE-2015-0818 Privilege Escalation Vulnerability | BID | www.securityfocus.com | |
| Access Denied | CONFIRM | bugzilla.mozilla.org | |
| [security-announce] openSUSE-SU-2015:0567-1: important: update to Firefo | SUSE | lists.opensuse.org | |
| [security-announce] SUSE-SU-2015:0630-1: important: Security update for | SUSE | lists.opensuse.org | |
| [security-announce] SUSE-SU-2015:0593-1: important: Security update for | SUSE | lists.opensuse.org | |
| Oracle Solaris Third Party Bulletin - April 2015 | CONFIRM | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.