CVE-2015-0801
First published: Wed Apr 01 2015(Updated: )
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <=36.0.4 | |
| Mozilla Firefox ESR | <=31.5.3 | |
| Mozilla Firefox ESR | =31.0 | |
| Mozilla Firefox ESR | =31.1 | |
| Mozilla Firefox ESR | =31.1.0 | |
| Mozilla Firefox ESR | =31.1.1 | |
| Mozilla Firefox ESR | =31.2 | |
| Mozilla Firefox ESR | =31.3 | |
| Mozilla Firefox ESR | =31.3.0 | |
| Mozilla Firefox ESR | =31.4 | |
| Mozilla Firefox ESR | =31.5 | |
| Mozilla Firefox ESR | =31.5.1 | |
| Mozilla Firefox ESR | =31.5.2 | |
| Mozilla Thunderbird | <=31.5 | |
| Mozilla Firefox | =31.0 | |
| Mozilla Firefox | =31.1.0 | |
| Mozilla Firefox | =31.1.1 | |
| Mozilla Firefox | =31.3.0 | |
| Mozilla Firefox | =31.5.1 | |
| Mozilla Firefox | =31.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://rhn.redhat.com/errata/RHSA-2015-0766.html
- http://rhn.redhat.com/errata/RHSA-2015-0771.html
- http://www.debian.org/security/2015/dsa-3211
- http://www.debian.org/security/2015/dsa-3212
- http://www.mozilla.org/security/announce/2015/mfsa2015-40.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/73455
- http://www.securitytracker.com/id/1031996
- http://www.securitytracker.com/id/1032000
- http://www.ubuntu.com/usn/USN-2550-1
- http://www.ubuntu.com/usn/USN-2552-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1146339
- https://security.gentoo.org/glsa/201512-10
Frequently Asked Questions
What is the severity of CVE-2015-0801?
CVE-2015-0801 is considered a moderate severity vulnerability due to its potential to allow arbitrary JavaScript execution with chrome privileges.
How do I fix CVE-2015-0801?
To fix CVE-2015-0801, update Mozilla Firefox to version 37.0 or later, or Firefox ESR to version 31.6 or later.
What versions are affected by CVE-2015-0801?
CVE-2015-0801 affects Mozilla Firefox versions before 37.0, Firefox ESR versions before 31.6, and Thunderbird versions before 31.6.
What are the risks associated with CVE-2015-0801?
Exploitation of CVE-2015-0801 could enable remote attackers to bypass the Same Origin Policy and execute malicious JavaScript.
Is there a known exploit for CVE-2015-0801?
While there are no publicly known exploits for CVE-2015-0801, the nature of the vulnerability allows for potential remote attacks.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/36.0.4
- canonical/mozilla firefox esr
- version/mozilla firefox esr/31.5.3
- version/mozilla firefox esr/31.0
- version/mozilla firefox esr/31.1
- version/mozilla firefox esr/31.1.0
- version/mozilla firefox esr/31.1.1
- version/mozilla firefox esr/31.2
- version/mozilla firefox esr/31.3
- version/mozilla firefox esr/31.3.0
- version/mozilla firefox esr/31.4
- version/mozilla firefox esr/31.5
- version/mozilla firefox esr/31.5.1
- version/mozilla firefox esr/31.5.2
- canonical/mozilla thunderbird
- version/mozilla thunderbird/31.5
- version/mozilla firefox/31.0
- version/mozilla firefox/31.1.0
- version/mozilla firefox/31.1.1
- version/mozilla firefox/31.3.0
- version/mozilla firefox/31.5.1
- version/mozilla firefox/31.5.2