CVE-2015-0802
Last modified
CVE-2015-0802 is a vulnerability of currently unknown severity. Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.. EPSS estimates a 67.47% chance of exploitation in the next 30 days.
Description
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Opensuse | 13.1 |
| Opensuse | Opensuse | 13.2 |
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 14.10 |
| Mozilla | Firefox | <= 36.0.4 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-0802?
How severe is CVE-2015-0802?
How do I fix CVE-2015-0802?
Are you affected by CVE-2015-0802?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST