CVE-2015-0816
Published: 1 April 2015
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Released
(37.0+build2-0ubuntu0.12.04.1)
|
|
| trusty |
Released
(37.0+build2-0ubuntu0.14.04.1)
|
|
| upstream |
Released
(37.0)
|
|
| utopic |
Released
(37.0+build2-0ubuntu0.14.10.1)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Released
(1:31.6.0+build1-0ubuntu0.12.04.1)
|
|
| trusty |
Released
(1:31.6.0+build1-0ubuntu0.14.04.1)
|
|
| upstream |
Released
(31.6.0)
|
|
| utopic |
Released
(1:31.6.0+build1-0ubuntu0.14.10.1)
|