CVE-2015-0816

Published: 1 April 2015

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.

Priority

Low

Status

Package      Release    Status
firefox (Launchpad, Ubuntu, Debian)
             lucid      Ignored (reached end of life)
             precise    Released (37.0+build2-0ubuntu0.12.04.1)
             trusty     Does not exist (trusty was released [37.0+build2-0ubuntu0.14.04.1])
             upstream   Released (37.0)
             utopic     Released (37.0+build2-0ubuntu0.14.10.1)
thunderbird (Launchpad, Ubuntu, Debian)
             lucid      Ignored (reached end-of-life)
             precise    Released (1:31.6.0+build1-0ubuntu0.12.04.1)
             trusty     Does not exist (trusty was released [1:31.6.0+build1-0ubuntu0.14.04.1])
             upstream   Released (31.6.0)
             utopic     Released (1:31.6.0+build1-0ubuntu0.14.10.1)