Vulnerability Details : CVE-2015-0802
Public exploit exists!
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods.
Exploit prediction scoring system (EPSS) score for CVE-2015-0802
Probability of exploitation activity in the next 30 days: 39.65%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2015-0802
-
Firefox Proxy Prototype Privileged Javascript Injection
Disclosure Date: 2014-01-20First seen: 2020-04-26exploit/multi/browser/firefox_proxy_prototypeThis exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability. Authors: - jo -
Firefox PDF.js Privileged Javascript Injection
Disclosure Date: 2015-03-31First seen: 2020-04-26exploit/multi/browser/firefox_pdfjs_privilege_escalationThis module gains remote code execution on Firefox 35-36 by abusing a privilege escalation bug in resource:// URIs. PDF.js is used to exploit the bug. This exploit requires the user to click anywhere on the page to trigger the vulnerability. Authors: - Unkno
CVSS scores for CVE-2015-0802
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2015-0802
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0802
-
http://www.securitytracker.com/id/1031996
Mozilla Firefox Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information - SecurityTracker
-
https://www.exploit-db.com/exploits/37958/
Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit)
-
https://security.gentoo.org/glsa/201512-10
Mozilla Products: Multiple vulnerabilities (GLSA 201512-10) — Gentoo security
-
http://www.mozilla.org/security/announce/2015/mfsa2015-42.html
Windows can retain access to privileged content on navigation to unprivileged pages — MozillaVendor Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1124898
1124898 - (CVE-2015-0802) Privileged Window.webidl stuff is exposed based on the docshell type, not the principal of the actual page
-
http://www.ubuntu.com/usn/USN-2550-1
USN-2550-1: Firefox vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
[security-announce] openSUSE-SU-2015:0677-1: important: Security update
Products affected by CVE-2015-0802
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*