CVE-2015-0801

Firefox < 37.0 and Firefox ESR 31.x < 31.6 - Same Origin Policy Bypass via Anchor Navigation

Title source: llm
STIX 2.1

Description

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

References (17)

Core 17
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201512-10
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3212
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73455
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3211
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0766.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0771.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1146339
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031996
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2552-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2550-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032000

Scores

EPSS 0.0119
EPSS Percentile 79.1%

Details

CWE
CWE-264
Status published
Products (13)
mozilla/firefox 31.0
mozilla/firefox 31.1.0
mozilla/firefox 31.1.1
mozilla/firefox 31.3.0
mozilla/firefox 31.5.1
mozilla/firefox 31.5.2
mozilla/firefox < 31.5.3
mozilla/firefox_esr 31.1
mozilla/firefox_esr 31.2
mozilla/firefox_esr 31.3
... and 3 more
Published Apr 01, 2015
Tracked Since Feb 18, 2026