Mozilla Firefox/Thunderbird Privilege Escalation Vulnerability (CVE-2015-0816)
Release date:
Updated on: 2015-09-07
Affected Systems:
Mozilla Firefox < 37.0
Mozilla Firefox ESR 31.x < 31.6
Description:
CVE (CAN) ID: CVE-2015-0816
Mozilla Firefox is an open-source web browser that uses the Gecko engine. Thunderbird is a mail client tool that supports IMAP and POP3.
In Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6, resource: URLs are not properly restricted. This allows remote attackers to bypass the same-origin policy and exploit this vulnerability to execute arbitrary JavaScript code with chrome privileges.
<* Source: Mariusz Mlynski
Link: https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/
*>
Suggestion:
Vendor patch:
Mozilla
-------
Mozilla has released a Security Bulletin (mfsa2015-33) and patches for this:
MFSA 2015-33: resource:// documents can load privileged pages
Link: https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/
Patch download:
http://www.mozilla.org/security/announce/2015/mfsa2015-33.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1144991
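To confirm which installations still need the patch, the following added example (not part of the advisory and not Mozilla code) checks version strings against the affected ranges stated above. It shows why a plain "< 37.0" comparison is wrong for patched ESR builds. The inventory line format and the sample lines are constructed, and treating any 31.x Firefox build as the ESR branch is an assumption.

```python
import re

# Fixed releases named in the advisory text: Firefox 37.0,
# Firefox ESR 31.6 (31.x branch), Thunderbird 31.6.
FIXED = {"firefox": (37, 0), "thunderbird": (31, 6)}
ESR_BRANCH, ESR_FIXED = 31, (31, 6)

# Assumed inventory format: "<optional vendor> Firefox|Thunderbird <version>"
_LINE = re.compile(r"\b(Firefox|Thunderbird)\s+(\d+(?:\.\d+)*)", re.I)

def parse(line):
    """Return (product, version tuple) from an inventory line, or None."""
    m = _LINE.search(line)
    if not m:
        return None
    return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))

def is_affected(product, version):
    """True if the version is in a range the advisory lists as affected."""
    v = version + (0,) * (2 - len(version))  # pad "37" to (37, 0)
    if product == "firefox" and v[0] == ESR_BRANCH:
        # Assumption: a Firefox 31.x build belongs to the ESR branch, so
        # 31.6 and later are patched even though they sort below 37.0.
        return v < ESR_FIXED
    return v < FIXED[product]

def audit(lines):
    """Map each recognised inventory line to True (affected) or False."""
    results = {}
    for line in lines:
        parsed = parse(line)
        if parsed:
            results[line] = is_affected(*parsed)
    return results

# Constructed sample inventory, not real host data.
SAMPLE = [
    "Mozilla Firefox 36.0.4",
    "Mozilla Firefox 31.5.0",
    "Mozilla Firefox 31.6.0esr",
    "Mozilla Firefox 37.0",
    "Mozilla Thunderbird 31.5.0",
    "Thunderbird 31.6.0",
]

if __name__ == "__main__":
    for line, affected in audit(SAMPLE).items():
        print(f"{'AFFECTED' if affected else 'ok':8}  {line}")
```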