CVE-2015-0818

CVSS v2.0 7.5 (High)

EPSS 7.81 % (94^th)

Affected Products 3

Advisories 9

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

Related CVEs

CVE-2015-0801

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-03-24 00:59:07
(9 years ago)
Updated Date: 2016-12-22 02:59:27
(7 years ago)

Affected Products

Mozilla

Configuration #1

	CPE23	Up To
Mozilla Firefox 36.0.3 and prior versions	cpe:2.3:a:mozilla:firefox	<= 36.0.3
Mozilla Firefox Esr 31.0	cpe:2.3:a:mozilla:firefox_esr:31.0
Mozilla Firefox Esr 31.1	cpe:2.3:a:mozilla:firefox_esr:31.1
Mozilla Firefox Esr 31.1.0	cpe:2.3:a:mozilla:firefox_esr:31.1.0
Mozilla Firefox Esr 31.1.1	cpe:2.3:a:mozilla:firefox_esr:31.1.1
Mozilla Firefox Esr 31.2	cpe:2.3:a:mozilla:firefox_esr:31.2
Mozilla Firefox Esr 31.3	cpe:2.3:a:mozilla:firefox_esr:31.3
Mozilla Firefox Esr 31.3.0	cpe:2.3:a:mozilla:firefox_esr:31.3.0
Mozilla Firefox Esr 31.4	cpe:2.3:a:mozilla:firefox_esr:31.4
Mozilla Firefox Esr 31.5	cpe:2.3:a:mozilla:firefox_esr:31.5
Mozilla Firefox Esr 31.5.1	cpe:2.3:a:mozilla:firefox_esr:31.5.1
Mozilla Firefox Esr 31.5.2	cpe:2.3:a:mozilla:firefox_esr:31.5.2
Mozilla Seamonkey 2.33.0 and prior versions	cpe:2.3:a:mozilla:seamonkey	<= 2.33.0