CVE-2015-0802

Firefox PDF.js Privileged Javascript Injection

Title source: metasploit

Description

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/37958
metasploit WORKING POC MANUAL
by Unknown, Marius Mlynski, joev · ruby · poc · firefox
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/firefox_pdfjs_privilege_escalation.rb
metasploit WORKING POC MANUAL
by joev · ruby · poc · firefox
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/firefox_proxy_prototype.rb

Scores

EPSS 0.8039
EPSS Percentile 99.1%

Details

CWE CWE-264
Status published
Products (6)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 14.10
mozilla/firefox < 36.0.4
opensuse/opensuse 13.1
opensuse/opensuse 13.2
Published Apr 01, 2015
Tracked Since Feb 18, 2026