Vulnerability Description
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Solaris | 11.3 |
| Mozilla | Firefox | <= 37.0 |
| Android | All versions |
Related Weaknesses (CWE)
References
- http://www.mozilla.org/security/announce/2015/mfsa2015-43.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.securitytracker.com/id/1032029Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1147597Issue Tracking
- https://security.gentoo.org/glsa/201512-10Third Party AdvisoryVDB Entry
- http://www.mozilla.org/security/announce/2015/mfsa2015-43.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.securitytracker.com/id/1032029Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1147597Issue Tracking
- https://security.gentoo.org/glsa/201512-10Third Party AdvisoryVDB Entry
FAQ
What is CVE-2015-0798?
CVE-2015-0798 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute ar...
How severe is CVE-2015-0798?
CVE-2015-0798 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0798?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Solaris, Mozilla Firefox, Google Android.