CVE-2015-0801 - Vulnerability Details

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox Firefox Esr Thunderbird
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox:31.0:::::::*
	cpe:2.3:a:mozilla:firefox:31.1.0:::::::*
	cpe:2.3:a:mozilla:firefox:31.1.1:::::::*
	cpe:2.3:a:mozilla:firefox:31.3.0:::::::*
	cpe:2.3:a:mozilla:firefox:31.5.1:::::::*
	cpe:2.3:a:mozilla:firefox:31.5.2:::::::*
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:firefox_esr:31.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.2:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.3:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.4:::::::*
	cpe:2.3:a:mozilla:firefox_esr:31.5:::::::*
	cpe:2.3:a:mozilla:thunderbird::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
firefox-0:31.6.0-2.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:0766	2015-04-01T00:00:00Z
thunderbird-0:31.6.0-1.el5_11	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:0771	2015-04-01T00:00:00Z
Red Hat Enterprise Linux 6
firefox-0:31.6.0-2.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:0766	2015-04-01T00:00:00Z
thunderbird-0:31.6.0-1.el6_6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:0771	2015-04-01T00:00:00Z
Red Hat Enterprise Linux 7
firefox-0:31.6.0-2.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:0766	2015-04-01T00:00:00Z
xulrunner-0:31.6.0-2.ael7b_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:0766	2015-04-01T00:00:00Z
thunderbird-0:31.6.0-1.el7_1	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:0771	2015-04-01T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
http://rhn.redhat.com/errata/RHSA-2015-0766.html
http://rhn.redhat.com/errata/RHSA-2015-0771.html
http://www.debian.org/security/2015/dsa-3211
http://www.debian.org/security/2015/dsa-3212
http://www.mozilla.org/security/announce/2015/mfsa2015-40.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/73455
http://www.securitytracker.com/id/1031996
http://www.securitytracker.com/id/1032000
http://www.ubuntu.com/usn/USN-2550-1
http://www.ubuntu.com/usn/USN-2552-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1146339
https://nvd.nist.gov/vuln/detail/CVE-2015-0801
https://security.gentoo.org/glsa/201512-10
https://www.cve.org/CVERecord?id=CVE-2015-0801

History

Tue, 22 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr:31.5.1:::::::*	cpe:2.3:a:mozilla:firefox:31.5.1:::::::*

Mon, 21 Oct 2024 14:15:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr:31.0:::::::* cpe:2.3:a:mozilla:firefox_esr:31.1.0:::::::*	cpe:2.3:a:mozilla:firefox:31.0:::::::* cpe:2.3:a:mozilla:firefox:31.1.0:::::::*

Mon, 21 Oct 2024 13:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:mozilla:firefox_esr:31.1.1:::::::* cpe:2.3:a:mozilla:firefox_esr:31.3.0:::::::* cpe:2.3:a:mozilla:firefox_esr:31.5.2:::::::*	cpe:2.3:a:mozilla:firefox:31.1.1:::::::* cpe:2.3:a:mozilla:firefox:31.3.0:::::::* cpe:2.3:a:mozilla:firefox:31.5.2:::::::*

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2015-04-01T10:00:00

Updated: 2024-08-06T04:26:10.191Z

Reserved: 2015-01-07T00:00:00

Link: CVE-2015-0801

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-04-01T10:59:02.643

Modified: 2024-11-21T02:23:44.350

Link: CVE-2015-0801

Redhat

Severity : Moderate

Publid Date: 2015-03-31T00:00:00Z

Links: CVE-2015-0801 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object