Vulnerability Details : CVE-2015-0801
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.
Products affected by CVE-2015-0801
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0801
- 1.19%: Probability of exploitation activity in the next 30 days
- ~78%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0801
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2015-0801
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0801
- http://www.securitytracker.com/id/1031996
  Mozilla Firefox Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information - SecurityTracker
- https://security.gentoo.org/glsa/201512-10
  Mozilla Products: Multiple vulnerabilities (GLSA 201512-10) — Gentoo security
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
  Oracle Solaris Third Party Bulletin - April 2015
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
  [security-announce] openSUSE-SU-2015:0892-1: important: Update to Firefo
- http://www.ubuntu.com/usn/USN-2552-1
  USN-2552-1: Thunderbird vulnerabilities | Ubuntu security notices
- http://www.securityfocus.com/bid/73455
  Mozilla Firefox/Thunderbird CVE-2015-0801 Same Origin Policy Security Bypass Vulnerability
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
  [security-announce] SUSE-SU-2015:0704-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
  [security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
- http://rhn.redhat.com/errata/RHSA-2015-0771.html
  RHSA-2015:0771 - Security Advisory - Red Hat Customer Portal
- http://www.mozilla.org/security/announce/2015/mfsa2015-40.html
  Same-origin bypass through anchor navigation — Mozilla (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-0766.html
  RHSA-2015:0766 - Security Advisory - Red Hat Customer Portal
- http://www.debian.org/security/2015/dsa-3212
  Debian -- Security Information -- DSA-3212-1 icedove
- https://bugzilla.mozilla.org/show_bug.cgi?id=1146339
  1146339 - (CVE-2015-0801) A variant of Bug 1144988 lets one bypass same-origin policy
- http://www.debian.org/security/2015/dsa-3211
  Debian -- Security Information -- DSA-3211-1 iceweasel
- http://www.securitytracker.com/id/1032000
  Mozilla Thunderbird Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Request Forgery Attacks - SecurityTracker
- http://www.ubuntu.com/usn/USN-2550-1
  USN-2550-1: Firefox vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
  [security-announce] openSUSE-SU-2015:0677-1: important: Security update