CVE-2015-0801 Information
Description
Mozilla Firefox before 37.0 Firefox ESR 31.x before 31.6 and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation a similar issue to CVE-2015-0818.
Reference
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://rhn.redhat.com/errata/RHSA-2015-0766.html http://rhn.redhat.com/errata/RHSA-2015-0771.html http://www.debian.org/security/2015/dsa-3211 http://www.debian.org/security/2015/dsa-3212 http://www.mozilla.org/security/announce/2015/mfsa2015-40.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/73455 http://www.securitytracker.com/id/1031996 http://www.securitytracker.com/id/1032000 http://www.ubuntu.com/usn/USN-2550-1 http://www.ubuntu.com/usn/USN-2552-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1146339 https://security.gentoo.org/glsa/201512-10
Share on: