CVE-2015-7214

openSUSE Leap < 42.0 - Information Disclosure

Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-7214. PoCs published by OpenSISE, llamakko.

AI-analyzed exploit summary: This repository contains a proof-of-concept for CVE-2015-7214, a Same-Origin Policy (SOP) bypass vulnerability in Firefox. The exploit leverages data and view-source URIs to perform cross-site reading attacks, with separate PoCs for web and local contexts.

Description

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.

Exploits (2)

github · WORKING POC · 31 stars
by OpenSISE · cpoc
https://github.com/OpenSISE/CVE_PoC_Collect/tree/master/SoP/firefox/CVE-2015-7214

This repository contains a proof-of-concept for CVE-2015-7214, a Same-Origin Policy (SOP) bypass vulnerability in Firefox. The exploit leverages data and view-source URIs to perform cross-site reading attacks, with separate PoCs for web and local contexts.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Mozilla Firefox <= 42.0
No auth needed
Prerequisites: Firefox version 42.0 or earlier · User interaction to open malicious HTML files
devstral-2 · analyzed Feb 27, 2026

nomisec · WORKING POC · 14 stars
by llamakko · poc
https://github.com/llamakko/CVE-2015-7214

This repository contains a proof-of-concept for CVE-2015-7214, a cross-site reading attack through data and view-source URIs in Firefox. It includes two HTML files demonstrating the SOP bypass for both web and local contexts.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Mozilla Firefox version 42.0 or earlier
No auth needed
Prerequisites: Firefox version 42.0 or earlier
devstral-2 · analyzed Feb 18, 2026

References (22)

Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3432
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=1228950
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/79279
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201512-10
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2859-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2833-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-2657.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034426
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3422

Scores

EPSS 0.0606
EPSS Percentile 92.4%

Details

CWE: CWE-200
Status: published
Products (15)
fedoraproject/fedora 22
fedoraproject/fedora 23
mozilla/firefox 38.0
mozilla/firefox 38.0.1
mozilla/firefox 38.0.5
mozilla/firefox 38.1.0
mozilla/firefox 38.1.1
mozilla/firefox 38.2.0
mozilla/firefox 38.2.1
mozilla/firefox 38.3.0
... and 5 more
Published Dec 16, 2015
Tracked Since Feb 18, 2026