CVE-2015-0816
CVSS v2.0
5 (Medium)
EPSS
96.10 % (100th)
Affected Products
3
Advisories
13
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
Weaknesses
- CWE-264
- Permissions, Privileges, and Access Controls
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2015-04-01 10:59:14
(9 years ago) - Updated Date
-
2017-09-17 01:29:01
(7 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...