CVE Vulnerabilities

CVE-2015-0818

Published: Mar 24, 2015 | Modified: Dec 22, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

Affected Software

Name Vendor Start Version End Version
Firefox_esr Mozilla 31.1 31.1
Firefox_esr Mozilla 31.3.0 31.3.0
Firefox_esr Mozilla 31.1.1 31.1.1
Firefox Mozilla * 36.0.3
Firefox_esr Mozilla 31.5 31.5
Firefox_esr Mozilla 31.3 31.3
Seamonkey Mozilla * 2.33.0
Firefox_esr Mozilla 31.5.1 31.5.1
Firefox_esr Mozilla 31.1.0 31.1.0
Firefox_esr Mozilla 31.2 31.2
Firefox_esr Mozilla 31.4 31.4
Firefox_esr Mozilla 31.0 31.0
Firefox_esr Mozilla 31.5.2 31.5.2

References