Mozilla Firefox/Thunderbird Privilege Escalation Vulnerability (CVE-2015-0816)

Mozilla Firefox/Thunderbird Privilege Escalation Vulnerability (CVE-2015-0816)
Mozilla Firefox/Thunderbird Privilege Escalation Vulnerability (CVE-2015-0816)

Release date:
Updated on: 2015-09-07

Affected Systems:

Mozilla Firefox < 37.0
Mozilla Firefox < 31.6

Description:

CVE (CAN) ID: CVE-2015-0816

Mozilla Firefox is an open-source web browser that uses the Gecko engine. Thunderbird is a mail client tool that supports IMAP and POP3.

Earlier than Mozilla Firefox 37.0, 31 before Firefox ESR 31.6. in Version x and earlier than Thunderbird 31.6, resource: URL is not properly restricted. This allows remote attackers to bypass the same-origin policy and exploit this vulnerability to execute arbitrary JS Code with chrome's current permissions.

<* Source: Mariusz Mlynski

Link: https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/
*>

Suggestion:

Vendor patch:

Mozilla
-------
Mozilla has released a Security Bulletin (mfsa2015-33) and patches for this:

Mfsa2015-33: resource: // documents can load privileged pages

Link: https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/

Patch download:
Http://www.mozilla.org/security/announce/2015/mfsa2015-33.html

Https://bugzilla.mozilla.org/show_bug.cgi? Id = 1144991

Manually install Firefox Flash plug-in Ubuntu 14.04

Replacement of Firefox in Ubuntu

Use apt-get to install FireFox and ThunderBird In Debian Linux

Stable Firefox 29 version released-how to install

Mozilla Firefox 31.0 official release and download

Firefox details: click here
Firefox: click here

This article permanently updates the link address: