CVE-2015-0798
Description
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.
Risk Information
Base Score
5.4
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
1.465
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities affected in Mozilla Firefox (x64) 37.0 | Windows |
| Multiple vulnerabilities affected in Mozilla_Firefox 37.0 | Windows |
| Vulnerabilities CVE-2015-0798,CVE-2015-0799 are affected in Mozilla Firefox (x64) 37.0 | Windows |
| Vulnerabilities CVE-2015-0798,CVE-2015-0799 are affected in Mozilla_Firefox 37.0 | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-343016 | Mozilla Firefox (x64) (132.0.2) |
| PATCH-343015 | Mozilla Firefox (132.0.2) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234