Your submission was sent successfully! Close

CVE-2015-0816

Published: 01 April 2015

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (37.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [37.0+build2-0ubuntu0.14.04.1])
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (31.6.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:31.6.0+build1-0ubuntu0.14.04.1])