CVE-2015-0818

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox Esr; Firefox; Seamonkey
Vendor: CVE Published:; 24 March 2015

Summary

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

References

http://lists.opensuse.org/opensuse-updates/2015-03/msg000...

vendor-advisoryx_refsource_SUSE

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

https://security.gentoo.org/glsa/201504-01

vendor-advisoryx_refsource_GENTOO

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 24, 2015
Vulnerability Reserved
Jan 7, 2015