CVE-2015-0798

EUVD-2015-0811
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
oraclesolaris
11.3
mozillafirefox
𝑥
≤ 37.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.mozilla.org/security/announce/2015/mfsa2015-43.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1032029
https://bugzilla.mozilla.org/show_bug.cgi?id=1147597
https://security.gentoo.org/glsa/201512-10
http://www.mozilla.org/security/announce/2015/mfsa2015-43.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1032029
https://bugzilla.mozilla.org/show_bug.cgi?id=1147597
https://security.gentoo.org/glsa/201512-10