Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-0802

Опубликовано: 31 мар. 2015
Источник: redhat
CVSS2: 4.3
EPSS Высокий

Описание

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

Отчет

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxNot affected
Red Hat Enterprise Linux 5thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-250
https://bugzilla.redhat.com/show_bug.cgi?id=1207086Mozilla: Windows can retain access to privileged content on navigation to unprivileged pages (MFSA 2015-42)

EPSS

Процентиль: 99%
0.80386
Высокий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-0802

ubuntu
почти 11 лет назад

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

nvd логотип

CVE-2015-0802

nvd
почти 11 лет назад

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

debian логотип

CVE-2015-0802

debian
почти 11 лет назад

Mozilla Firefox before 37.0 relies on docshell type information instea ...

github логотип

GHSA-gjrg-r3r9-354j

github
больше 3 лет назад

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

fstec логотип

BDU:2015-09903

fstec
почти 11 лет назад

Уязвимость браузера Firefox, позволяющая удалённому злоумышленнику выполнить произвольный JavaScript-код

EPSS

Процентиль: 99%
0.80386
Высокий

4.3 Medium

CVSS2