CVE-2015-0816

Firefox < 37.0 and ESR 31.x < 31.6 - Remote Code Execution via resource: URL Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-0816. PoCs published by Metasploit.

AI-analyzed exploit summary: This Metasploit module exploits a privilege escalation vulnerability in Firefox 35-36 by abusing resource:// URIs and PDF.js to inject privileged JavaScript, leading to remote code execution. The exploit requires user interaction (clicking on the page) to trigger the vulnerability.

Description

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · multiple
https://www.exploit-db.com/exploits/37958

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: Mozilla Firefox 35-36
No auth needed
Prerequisites: User interaction (clicking on the page) · Firefox version 35-36
devstral-2 · analyzed Feb 18, 2026

References (18)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031996
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/73461
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201512-10
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3212
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37958/
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2552-1
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1144991
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2550-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032000
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3211
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0766.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0771.html

Scores

EPSS 0.6714
EPSS Percentile 99.2%

Details

CWE: CWE-264
Status: published
Products (2):
mozilla/firefox < 31.5.3
mozilla/thunderbird < 31.5
Published: Apr 01, 2015
Tracked Since: Feb 18, 2026