CVE-2015-0802
Description
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
Risk Information
Base Score
4.6
MODERATE
Vector
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
80.386
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for SeaMonkey (2.35) | Windows |
| Multiple Vulnerabilities are affected in Mozilla Firefox 36.0.4 | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 2.2 | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (137.0) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (137.0.1) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (137.0.2) | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 36.0.4 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-301494 | Update for SeaMonkey (2.35) |
| PATCH-343015 | Mozilla Firefox (132.0.2) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234