NVD

Id
23242  
Name
CVE-2015-0802  
Description
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-04-01  
Modified Date
2016-12-06  
Seq
2015-0802  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
123227 23242 CVE-2015-0802 openSUSE-SU-2015:0677  View
123228 23242 CVE-2015-0802 http://www.mozilla.org/security/announce/2015/mfsa2015-42.html  View
123229 23242 CVE-2015-0802 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html  View
123230 23242 CVE-2015-0802 1031996  View
123231 23242 CVE-2015-0802 USN-2550-1  View
123232 23242 CVE-2015-0802 https://bugzilla.mozilla.org/show_bug.cgi?id=1124898  View
123233 23242 CVE-2015-0802 GLSA-201512-10  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
6706 JVNDB-2015-002026 Mozilla Firefox におけるクローム特権で任意の JavaScript コードを実行される脆弱性 Mozilla Firefox は、Window.webidl アクセス制御のためにページの主要な情報の代わりに docshell の型情報に依存するため、クローム特権で任意の JavaScript コードを実行される脆弱性が存在します。 CVE-2015-0802 78013 CVE-2015-0802 23242 5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-002026.html 2015-03-31 2015-04-03 View