CVE-2015-0818

Sažetak

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html
http://lists.opensuse.org/opensuse-updates/2015-03/msg00096.html
http://rhn.redhat.com/errata/RHSA-2015-0718.html
http://www.debian.org/security/2015/dsa-3201
http://www.mozilla.org/security/announce/2015/mfsa2015-28.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/73265
http://www.securitytracker.com/id/1031959
http://www.ubuntu.com/usn/USN-2538-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1144988
https://security.gentoo.org/glsa/201504-01

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

22-12-2016 - 02:59

Objavljeno

24-03-2015 - 00:59