CVE-2015-0798
First published: Wed Apr 08 2015(Updated: )
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Solaris | =11.3 | |
| Mozilla Firefox | <=37.0 | |
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- vendor/oracle
- canonical/oracle solaris
- version/oracle solaris/11.3
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/37.0
- vendor/google
- canonical/google android