CVE-2015-0802

Firefox PDF.js Privileged Javascript Injection

Title source: metasploit

Description

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

Exploits (3)

metasploit WORKING POC MANUAL
by Unknown, Marius Mlynski, joev · ruby · poc · firefox
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/firefox_pdfjs_privilege_escalation.rb
exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/37958
metasploit WORKING POC MANUAL
by joev · ruby · poc · firefox
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/firefox_proxy_prototype.rb

Scores

EPSS 0.8039
EPSS Percentile 99.1%

Classification

CWE
CWE-264
Status draft

Affected Products (6)

opensuse/opensuse
opensuse/opensuse
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
mozilla/firefox < 36.0.4

Timeline

Published Apr 01, 2015
Tracked Since Feb 18, 2026