CVE-2015-0818
First published: Tue Mar 24 2015(Updated: )
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <=36.0.3 | |
| Mozilla Firefox ESR | =31.0 | |
| Mozilla Firefox ESR | =31.1 | |
| Mozilla Firefox ESR | =31.1.0 | |
| Mozilla Firefox ESR | =31.1.1 | |
| Mozilla Firefox ESR | =31.2 | |
| Mozilla Firefox ESR | =31.3 | |
| Mozilla Firefox ESR | =31.3.0 | |
| Mozilla Firefox ESR | =31.4 | |
| Mozilla Firefox ESR | =31.5 | |
| Mozilla Firefox ESR | =31.5.1 | |
| Mozilla Firefox ESR | =31.5.2 | |
| Mozilla SeaMonkey | <=2.33.0 | |
| Mozilla Firefox | =31.0 | |
| Mozilla Firefox | =31.1.0 | |
| Mozilla Firefox | =31.1.1 | |
| Mozilla Firefox | =31.3.0 | |
| Mozilla Firefox | =31.5.1 | |
| Mozilla Firefox | =31.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html
- http://rhn.redhat.com/errata/RHSA-2015-0718.html
- http://www.debian.org/security/2015/dsa-3201
- http://www.mozilla.org/security/announce/2015/mfsa2015-28.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.securityfocus.com/bid/73265
- http://www.securitytracker.com/id/1031959
- http://www.ubuntu.com/usn/USN-2538-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1144988
- https://security.gentoo.org/glsa/201504-01
Frequently Asked Questions
What is the severity of CVE-2015-0818?
CVE-2015-0818 has a medium-level severity due to its ability to bypass the Same Origin Policy.
How do I fix CVE-2015-0818?
To fix CVE-2015-0818, update Mozilla Firefox to version 36.0.4 or later, or upgrade to Firefox ESR 31.5.3 or later.
Which versions are affected by CVE-2015-0818?
CVE-2015-0818 affects Mozilla Firefox versions before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1.
What impact can CVE-2015-0818 have on my browser?
CVE-2015-0818 can allow remote attackers to execute arbitrary JavaScript code with chrome privileges.
Is CVE-2015-0818 applicable to Firefox ESR?
Yes, CVE-2015-0818 is applicable to Firefox ESR versions prior to 31.5.3.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/first-publish-date
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/36.0.3
- canonical/mozilla firefox esr
- version/mozilla firefox esr/31.0
- version/mozilla firefox esr/31.1
- version/mozilla firefox esr/31.1.0
- version/mozilla firefox esr/31.1.1
- version/mozilla firefox esr/31.2
- version/mozilla firefox esr/31.3
- version/mozilla firefox esr/31.3.0
- version/mozilla firefox esr/31.4
- version/mozilla firefox esr/31.5
- version/mozilla firefox esr/31.5.1
- version/mozilla firefox esr/31.5.2
- canonical/mozilla seamonkey
- version/mozilla seamonkey/2.33.0
- version/mozilla firefox/31.0
- version/mozilla firefox/31.1.0
- version/mozilla firefox/31.1.1
- version/mozilla firefox/31.3.0
- version/mozilla firefox/31.5.1
- version/mozilla firefox/31.5.2