Same Origin Policy Bypass in Mozilla Firefox and SeaMonkey
CVE-2015-0818

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox Esr; Firefox; Seamonkey
Vendor: CVE Published:; 24 March 2015

Summary

A vulnerability in Mozilla Firefox and SeaMonkey allows remote attackers to bypass the Same Origin Policy, potentially leading to the execution of arbitrary JavaScript code with chrome privileges. This exploit leverages vulnerabilities in SVG hash navigation, affecting various versions of both browsers and posing significant security risks. Users are encouraged to upgrade to the latest versions to mitigate potential threats.

References

http://lists.opensuse.org/opensuse-updates/2015-03/msg000...

vendor-advisoryx_refsource_SUSE

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

https://security.gentoo.org/glsa/201504-01

vendor-advisoryx_refsource_GENTOO

Timeline

Vulnerability published
Mar 24, 2015
Vulnerability Reserved
Jan 7, 2015