CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	36.0.4 (including)
Firefox	Mozilla	31.0 (including)	31.0 (including)
Firefox	Mozilla	31.1.0 (including)	31.1.0 (including)
Firefox	Mozilla	31.1.1 (including)	31.1.1 (including)
Firefox	Mozilla	31.3.0 (including)	31.3.0 (including)
Firefox	Mozilla	31.5.1 (including)	31.5.1 (including)
Firefox	Mozilla	31.5.2 (including)	31.5.2 (including)
Firefox_esr	Mozilla	*	31.5.3 (including)
Firefox_esr	Mozilla	31.1 (including)	31.1 (including)
Firefox_esr	Mozilla	31.2 (including)	31.2 (including)
Firefox_esr	Mozilla	31.3 (including)	31.3 (including)
Firefox_esr	Mozilla	31.4 (including)	31.4 (including)
Firefox_esr	Mozilla	31.5 (including)	31.5 (including)
Thunderbird	Mozilla	*	31.5 (including)
Firefox	Ubuntu	devel	*
Firefox	Ubuntu	lucid	*
Firefox	Ubuntu	precise	*
Firefox	Ubuntu	trusty	*
Firefox	Ubuntu	upstream	*
Firefox	Ubuntu	utopic	*
Thunderbird	Ubuntu	devel	*
Thunderbird	Ubuntu	lucid	*
Thunderbird	Ubuntu	precise	*
Thunderbird	Ubuntu	trusty	*
Thunderbird	Ubuntu	upstream	*
Thunderbird	Ubuntu	utopic	*
Red Hat Enterprise Linux 5	RedHat	firefox-0:31.6.0-2.el5_11	*
Red Hat Enterprise Linux 5	RedHat	thunderbird-0:31.6.0-1.el5_11	*
Red Hat Enterprise Linux 6	RedHat	firefox-0:31.6.0-2.el6_6	*
Red Hat Enterprise Linux 6	RedHat	thunderbird-0:31.6.0-1.el6_6	*
Red Hat Enterprise Linux 7	RedHat	firefox-0:31.6.0-2.el7_1	*
Red Hat Enterprise Linux 7	RedHat	xulrunner-0:31.6.0-2.ael7b_1	*
Red Hat Enterprise Linux 7	RedHat	thunderbird-0:31.6.0-1.el7_1	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-0801
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References