Lucene search
Mozilla FoundationMFSA2015-28HistoryMar 20, 2015 - 12:00 a.m.
Privilege escalation through SVG navigation — Mozilla
2015-03-2000:00:00
Mozilla Foundation
www.mozilla.org
13
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.078 Low
EPSS
Percentile
94.2%
Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative’s Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation.
Related
prion
prion
Design/Logic Flaw
2015-03-24 00:59:00
Design/Logic Flaw
2015-04-01 10:59:00
nessus
nessus
Firefox ESR 31.x < 31.5.3 SVG Bypass Privilege Escalation (Mac OS X)
2015-03-24 00:00:00
Firefox < 36.0.4 SVG Bypass Privilege Escalation (Mac OS X)
2015-03-24 00:00:00
Firefox < 36.0.4 SVG Bypass Privilege Escalation
2015-03-24 00:00:00
openvas
openvas
ubuntucve
ubuntucve
CVE-2015-0818
2015-03-22 00:00:00
CVE-2015-0801
2015-04-01 00:00:00
zdi
zdi
cvelist
cvelist
CVE-2015-0818
2015-03-24 00:00:00
CVE-2015-0801
2015-04-01 10:00:00
cve
cve
CVE-2015-0818
2015-03-24 00:59:00
CVE-2015-0801
2015-04-01 10:59:00
kaspersky
kaspersky
KLA10477 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-03-20 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerabilities
2015-03-24 02:58:37
Updated iceape packages fix security vulnerabilities
2015-04-03 16:11:23
Updated iceape packages fix security vulnerabilities
2015-09-08 10:20:40
suse
suse
Security update for Mozilla Firefox (important)
2015-03-25 04:04:55
Security update for seamonkey (important)
2015-03-30 23:04:47
Security update for MozillaFirefox (important)
2015-03-30 19:04:59
debian
debian
[SECURITY] [DSA 3201-1] iceweasel security update
2015-03-22 09:26:34
[SECURITY] [DSA 3201-1] iceweasel security update
2015-03-22 09:26:17
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:12:49
Arbitrary Code Execution
2019-01-15 09:05:01
ubuntu
ubuntu
Firefox vulnerabilities
2015-03-22 00:00:00
centos
centos
firefox security update
2015-03-25 17:46:36
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-03-20 00:00:00
redhat
redhat
(RHSA-2015:0718) Critical: firefox security update
2015-03-24 09:55:07
oraclelinux
oraclelinux
firefox security update
2015-03-24 00:00:00
osv
osv
iceweasel - security update
2015-03-22 00:00:00
archlinux
archlinux
firefox: multiple issues
2015-03-21 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-03-22 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.078 Low
EPSS
Percentile
94.2%
Related for MFSA2015-28