1. Home
  2. Vulnerabilities
  3. CVE-2015-0802

CVE-2015-0802

CVSS v2.0 5 (Medium)
50% Progress
EPSS 39.65 % (97th)
39.65% Progress
Affected Products 3
Advisories 3
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

Weaknesses
CWE-264
Permissions, Privileges, and Access Controls
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2015-04-01 10:59:03
(9 years ago)
Updated Date
2018-10-30 16:27:35
(5 years ago)

Affected Products

Canonical

Mozilla

Opensuse

Configuration #1

    CPE23 From Up To
  Opensuse 13.1 cpe:2.3:o:opensuse:opensuse:13.1
  Opensuse 13.2 cpe:2.3:o:opensuse:opensuse:13.2

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts
  Canonical Ubuntu Linux 14.10 cpe:2.3:o:canonical:ubuntu_linux:14.10

Configuration #3

    CPE23 From Up To
  Mozilla Firefox 36.0.4 and prior versions cpe:2.3:a:mozilla:firefox <= 36.0.4