Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-0798

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.

Published

2015-04-08T10:59:00.063

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	oracle	solaris	11.3	Yes
Application	mozilla	firefox	≤ 37.0	Yes
Operating System	google	android	*	No

References

http://www.mozilla.org/security/announce/2015/mfsa2015-43.html Vendor Advisory ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory ([email protected])
http://www.securitytracker.com/id/1032029 Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=1147597 Issue Tracking ([email protected])
https://security.gentoo.org/glsa/201512-10 Third Party Advisory, VDB Entry ([email protected])
http://www.mozilla.org/security/announce/2015/mfsa2015-43.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1032029 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=1147597 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201512-10 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)