CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	36.0.3 (including)
Firefox	Mozilla	31.0 (including)	31.0 (including)
Firefox	Mozilla	31.1.0 (including)	31.1.0 (including)
Firefox	Mozilla	31.1.1 (including)	31.1.1 (including)
Firefox	Mozilla	31.3.0 (including)	31.3.0 (including)
Firefox	Mozilla	31.5.1 (including)	31.5.1 (including)
Firefox	Mozilla	31.5.2 (including)	31.5.2 (including)
Firefox_esr	Mozilla	31.1 (including)	31.1 (including)
Firefox_esr	Mozilla	31.2 (including)	31.2 (including)
Firefox_esr	Mozilla	31.3 (including)	31.3 (including)
Firefox_esr	Mozilla	31.4 (including)	31.4 (including)
Firefox_esr	Mozilla	31.5 (including)	31.5 (including)
Seamonkey	Mozilla	*	2.33.0 (including)
Red Hat Enterprise Linux 5	RedHat	firefox-0:31.5.3-1.el5_11	*
Red Hat Enterprise Linux 6	RedHat	firefox-0:31.5.3-1.el6_6	*
Red Hat Enterprise Linux 7	RedHat	firefox-0:31.5.3-3.ael7b_1	*
Firefox	Ubuntu	devel	*
Firefox	Ubuntu	lucid	*
Firefox	Ubuntu	precise	*
Firefox	Ubuntu	trusty	*
Firefox	Ubuntu	upstream	*
Firefox	Ubuntu	utopic	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-0818
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References