Home

CVE-2015-0816

Description

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.

Risk Information

Base Score
5.4
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
85.37

Associated Vulnerability

VulnerabilityOS Platform
Update for SeaMonkey (2.35)Windows
Multiple Vulnerabilities are affected in Mozilla Firefox 36.0.4Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 2.2Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (137.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (137.0.1)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (137.0.2)Mac
Vulnerabilities CVE-2015-0801,CVE-2015-0807,CVE-2015-0816,CVE-2015-0815 are fixed in Mozilla Thunderbird For Mac 31.6Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 31.5.3Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 31.5.3Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 36.0.4Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 31.4.0Mac
Vulnerabilities CVE-2015-0801,CVE-2015-0807,CVE-2015-0816,CVE-2015-0815,CVE-2015-0814 are fixed in Mozilla Firefox For Mac 31.6Mac
Xulrunner update (ELSA-2015-0766) xulrunner-31.6.0-2.0.1.el7_1.i686.rpmLinux
Xulrunner update (ELSA-2015-0766) xulrunner-31.6.0-2.0.1.el7_1.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-301494Update for SeaMonkey (2.35)
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234