Vulnerability Details : CVE-2015-0818
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.
Products affected by CVE-2015-0818
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0818
- EPSS score: 6.76% (probability of exploitation activity in the next 30 days)
- Percentile: ~94% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-0818
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2015-0818
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0818
- http://rhn.redhat.com/errata/RHSA-2015-0718.html
  RHSA-2015:0718 - Security Advisory - Red Hat Customer Portal
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
  Oracle Solaris Third Party Bulletin - April 2015
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html
  [security-announce] SUSE-SU-2015:0593-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
  [security-announce] openSUSE-SU-2015:0567-1: important: update to Firefo
- http://www.securitytracker.com/id/1031959
  Mozilla Firefox SVG Processing Flaw Lets Remote Users Bypass Same-Origin Policy and Execute Arbitrary Scripts with Elevated Privileges - SecurityTracker
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html
  [security-announce] SUSE-SU-2015:0630-1: important: Security update for
- https://security.gentoo.org/glsa/201504-01
  Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
- http://www.debian.org/security/2015/dsa-3201
  Debian -- Security Information -- DSA-3201-1 iceweasel
- http://www.securityfocus.com/bid/73265
  Mozilla Firefox/SeaMonkey CVE-2015-0818 Privilege Escalation Vulnerability
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html
  openSUSE-SU-2015:0636-1: important: Security update for seamonkey
- https://bugzilla.mozilla.org/show_bug.cgi?id=1144988
  1144988 - (CVE-2015-0818) Same-origin bypass via SVG hash navigation (ZDI-CAN-2825)
- http://www.mozilla.org/security/announce/2015/mfsa2015-28.html
  Privilege escalation through SVG navigation — Mozilla (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-2538-1
  USN-2538-1: Firefox vulnerabilities | Ubuntu security notices