Detections
Analytics

CVE-2015-0818

high

Description

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

References

https://security.gentoo.org/glsa/201504-01

https://bugzilla.mozilla.org/show_bug.cgi?id=1144988

http://www.ubuntu.com/usn/USN-2538-1

http://www.securitytracker.com/id/1031959

http://www.securityfocus.com/bid/73265

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.mozilla.org/security/announce/2015/mfsa2015-28.html

http://www.debian.org/security/2015/dsa-3201

http://rhn.redhat.com/errata/RHSA-2015-0718.html

http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html

Details

Source: Mitre, NVD

Published: 2015-03-24

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High