Search...

SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)

2015-03-27T00:00:00

ID OPENVAS:1361412562310805513
Type openvas
Reporter Copyright (C) 2015 Greenbone Networks GmbH
Modified 2017-06-13T00:00:00

Description

This host is installed with SeaMonkey and is prone to multiple vulnerabilities.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_sea_monkey_mult_vuln01_mar15_macosx.nasl 6329 2017-06-13 15:39:42Z teissa $
#
# SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)
#
# Authors:
# Shakeel &lt;bshakeel@secpod.com&gt;
#
# Copyright:
# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:mozilla:seamonkey";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.805513");
  script_version("$Revision: 6329 $");
  script_cve_id("CVE-2015-0817", "CVE-2015-0818");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"$Date: 2017-06-13 17:39:42 +0200 (Tue, 13 Jun 2017) $");
  script_tag(name:"creation_date", value:"2015-03-27 14:54:29 +0530 (Fri, 27 Mar 2015)");
  script_name("SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)");

  script_tag(name: "summary" , value:"This host is installed with SeaMonkey and
  is prone to multiple vulnerabilities.");

  script_tag(name: "vuldetect" , value:"Get the installed version with the help of
  detect NVT and check the version is vulnerable or not.");

  script_tag(name: "insight" , value:"Multiple flaws are due to,
  - An out-of-bounds access error in asmjs/AsmJSValidate.cpp within the JavaScript
  Just-in-time Compilation (JIT).
  - An error in docshell/base/nsDocShell.cpp within the SVG format content navigation
  functionality.");

  script_tag(name: "impact" , value:"Successful exploitation will allow remote
  attackers to gain elevated privileges and conduct arbitrary code execution.

  Impact Level: System/Application");

  script_tag(name: "affected" , value:"SeaMonkey version before 2.33.1 on Mac OS X.");

  script_tag(name: "solution" , value:"Upgrade to SeaMonkey version 2.33.1 or later,
  For updates refer to http://www.mozilla.com/en-US/seamonkey");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"qod_type", value:"executable_version");

  script_xref(name:"URL", value:"http://www.securitytracker.com/id/1031958");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29");
  script_xref(name:"URL", value:"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2015 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
  script_mandatory_keys("SeaMonkey/MacOSX/Version");
  exit(0);
}


include("host_details.inc");
include("version_func.inc");

## Variable Initialization
smVer = "";

## Get version
if(!smVer = get_app_version(cpe:CPE)){
  exit(0);
}

# Check for vulnerable version
if(version_is_less(version:smVer, test_version:"2.33.1"))
{
  report = 'Installed version: ' + smVer + '\n' +
             'Fixed version:     ' + "2.33.1"  + '\n';
  security_message(data:report);
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310805513", "bulletinFamily": "scanner", "title": "SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)", "description": "This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.", "published": "2015-03-27T00:00:00", "modified": "2017-06-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805513", "reporter": "Copyright (C) 2015 Greenbone Networks GmbH", "references": ["http://www.securitytracker.com/id/1031958", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29", "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28"], "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "type": "openvas", "lastseen": "2017-07-02T21:11:38", "history": [], "edition": 1, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "0ed3708ae6e6fd21964b11319b8b26d1"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "0a0a51d2b6c1534ed609ef84334987e6"}, {"key": "href", "hash": "8a43622064c682f018053a5f469051ef"}, {"key": "modified", "hash": "54c80a447982dbedec92463c7532b29f"}, {"key": "naslFamily", "hash": "0db377921f4ce762c62526131097968f"}, {"key": "pluginID", "hash": "e4d338cc9e254d62b252e6d895233a18"}, {"key": "published", "hash": "398ea4ea706db579b812f88ff355eb96"}, {"key": "references", "hash": "0d8fc67a430144bb0ae55d6d8831a37e"}, {"key": "reporter", "hash": "1e898993712db5cf9f9a110102684025"}, {"key": "sourceData", "hash": "5d5772885e099f458637d86bb692a9ba"}, {"key": "title", "hash": "f7e11b795b6d3fd1d3a23769e66233e8"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "35da17b8bb04c83e72dc4ad07a8d3b296204fe85887ed1c5b3d8e64bfd087008", "viewCount": 0, "enchantments": {"vulnersScore": 2.8}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_sea_monkey_mult_vuln01_mar15_macosx.nasl 6329 2017-06-13 15:39:42Z teissa $\n#\n# SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mozilla:seamonkey\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.805513\");\n script_version(\"$Revision: 6329 $\");\n script_cve_id(\"CVE-2015-0817\", \"CVE-2015-0818\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-13 17:39:42 +0200 (Tue, 13 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-27 14:54:29 +0530 (Fri, 27 Mar 2015)\");\n script_name(\"SeaMonkey Multiple Vulnerabilities -01 Mar15 (Mac OS X)\");\n\n script_tag(name: \"summary\" , value:\"This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.\");\n\n script_tag(name: \"vuldetect\" , value:\"Get the installed version with the help of\n detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name: \"insight\" , value:\"Multiple flaws are due to,\n - An out-of-bounds access error in asmjs/AsmJSValidate.cpp within the JavaScript\n Just-in-time Compilation (JIT).\n - An error in docshell/base/nsDocShell.cpp within the SVG format content navigation\n functionality.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to gain elevated privileges and conduct arbitrary code execution.\n\n Impact Level: System/Application\");\n\n script_tag(name: \"affected\" , value:\"SeaMonkey version before 2.33.1 on Mac OS X.\");\n\n script_tag(name: \"solution\" , value:\"Upgrade to SeaMonkey version 2.33.1 or later,\n For updates refer to http://www.mozilla.com/en-US/seamonkey\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id/1031958\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-29\");\n script_xref(name:\"URL\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2015-28\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_mozilla_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"SeaMonkey/MacOSX/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n## Variable Initialization\nsmVer = \"\";\n\n## Get version\nif(!smVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n# Check for vulnerable version\nif(version_is_less(version:smVer, test_version:\"2.33.1\"))\n{\n report = 'Installed version: ' + smVer + '\\n' +\n 'Fixed version: ' + \"2.33.1\" + '\\n';\n security_message(data:report);\n exit(0);\n}\n", "naslFamily": "General", "pluginID": "1361412562310805513"}

{"result": {"cve": [{"id": "CVE-2015-0818", "type": "cve", "title": "CVE-2015-0818", "description": "Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.", "published": "2015-03-23T20:59:07", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0818", "cvelist": ["CVE-2015-0818"], "lastseen": "2017-04-18T15:55:59"}, {"id": "CVE-2015-0817", "type": "cve", "title": "CVE-2015-0817", "description": "The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript.", "published": "2015-03-23T20:59:05", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0817", "cvelist": ["CVE-2015-0817"], "lastseen": "2017-04-18T15:55:59"}], "openvas": [{"id": "OPENVAS:1361412562310805516", "type": "openvas", "title": "Mozilla Firefox ESR SVG Privilege Escalation Vulnerability Mar15 (Windows)", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to privilege escalation vulnerability.", "published": "2015-03-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805516", "cvelist": ["CVE-2015-0818"], "lastseen": "2017-07-02T21:11:55"}, {"id": "OPENVAS:1361412562310805514", "type": "openvas", "title": "Mozilla Firefox SVG Navigation Privilege Escalation Vulnerability Mar15 (Windows)", "description": "This host is installed with Mozilla Firefox\n and is prone to privilege escalation vulnerability.", "published": "2015-03-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805514", "cvelist": ["CVE-2015-0818"], "lastseen": "2017-07-02T21:11:40"}, {"id": "OPENVAS:1361412562310805515", "type": "openvas", "title": "Mozilla Firefox SVG Navigation Privilege Escalation Vulnerability Mar15 (Mac OS X)", "description": "This host is installed with Mozilla Firefox\n and is prone to privilege escalation vulnerability.", "published": "2015-03-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805515", "cvelist": ["CVE-2015-0818"], "lastseen": "2017-07-24T12:53:44"}, {"id": "OPENVAS:1361412562310805517", "type": "openvas", "title": "Mozilla Firefox ESR SVG Privilege Escalation Vulnerability Mar15 (Mac OS X)", "description": "This host is installed with Mozilla Firefox\n ESR and is prone to privilege escalation vulnerability.", "published": "2015-03-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805517", "cvelist": ["CVE-2015-0818"], "lastseen": "2017-07-11T10:52:08"}, {"id": "OPENVAS:1361412562310882133", "type": "openvas", "title": "CentOS Update for firefox CESA-2015:0718 centos6 ", "description": "Check the version of firefox", "published": "2015-03-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882133", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-07-25T10:52:15"}, {"id": "OPENVAS:1361412562310123152", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-0718", "description": "Oracle Linux Local Security Checks ELSA-2015-0718", "published": "2015-10-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123152", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-07-24T12:53:11"}, {"id": "OPENVAS:1361412562310850646", "type": "openvas", "title": "SuSE Update for seamonkey openSUSE-SU-2015:0636-1 (seamonkey)", "description": "Check the version of seamonkey", "published": "2015-04-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850646", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-12-12T11:17:08"}, {"id": "OPENVAS:1361412562310805512", "type": "openvas", "title": "SeaMonkey Multiple Vulnerabilities -01 Mar15 (Windows)", "description": "This host is installed with SeaMonkey and\n is prone to multiple vulnerabilities.", "published": "2015-03-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805512", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-07-02T21:12:21"}, {"id": "OPENVAS:1361412562310882139", "type": "openvas", "title": "CentOS Update for firefox CESA-2015:0718 centos7 ", "description": "Check the version of firefox", "published": "2015-04-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882139", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-07-25T10:52:25"}, {"id": "OPENVAS:1361412562310850644", "type": "openvas", "title": "SuSE Update for MozillaFirefox openSUSE-SU-2015:0607-1 (MozillaFirefox)", "description": "Check the version of MozillaFirefox", "published": "2015-03-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850644", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-12-12T11:15:22"}], "zdi": [{"id": "ZDI-15-108", "type": "zdi", "title": "(Pwn2Own) Mozilla Firefox SVG DOMAttrModified Same-Origin Policy Bypass Vulnerability", "description": "This vulnerability allows remote attackers to bypass the same-origin policy on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of SVG format content navigation. By using a DOMAttrModified mutation event listener, an attacker can inject an arbitrary URL into the history, and cause Firefox to break the same-origin isolation policy.", "published": "2015-04-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-108", "cvelist": ["CVE-2015-0818"], "lastseen": "2016-11-09T00:18:14"}, {"id": "ZDI-15-109", "type": "zdi", "title": " (Pwn2Own) Mozilla Firefox Bounds Check Elimination Remote Code Execution Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of heap access bounds checking. A specially crafted typed array can eliminate bounds checks for heap accesses. An attacker can leverage this vulnerability to execute code under the context of the current process.", "published": "2015-04-03T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-109", "cvelist": ["CVE-2015-0817"], "lastseen": "2016-11-09T00:18:08"}], "nessus": [{"id": "MOZILLA_FIREFOX_36_0_4.NASL", "type": "nessus", "title": "Firefox < 36.0.4 SVG Bypass Privilege Escalation", "description": "The version of Mozilla Firefox installed on the remote Windows host is prior to 36.0.4. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context.", "published": "2015-03-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82041", "cvelist": ["CVE-2015-0818"], "lastseen": "2017-10-29T13:43:02"}, {"id": "MACOSX_FIREFOX_31_5_3_ESR.NASL", "type": "nessus", "title": "Firefox ESR 31.x < 31.5.3 SVG Bypass Privilege Escalation (Mac OS X)", "description": "The version of Mozilla Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.5.3. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context.", "published": "2015-03-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82035", "cvelist": ["CVE-2015-0818"], "lastseen": "2017-10-29T13:45:04"}, {"id": "MOZILLA_FIREFOX_31_5_3_ESR.NASL", "type": "nessus", "title": "Firefox ESR 31.x < 31.5.3 SVG Bypass Privilege Escalation", "description": "The version of Mozilla Firefox ESR 31.x installed on the remote Windows host is prior to 31.5.3. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context.", "published": "2015-03-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82039", "cvelist": ["CVE-2015-0818"], "lastseen": "2017-10-29T13:32:53"}, {"id": "MACOSX_FIREFOX_36_0_4.NASL", "type": "nessus", "title": "Firefox < 36.0.4 SVG Bypass Privilege Escalation (Mac OS X)", "description": "The version of Mozilla Firefox installed on the remote Mac OS X host is prior to 36.0.4. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context.", "published": "2015-03-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82037", "cvelist": ["CVE-2015-0818"], "lastseen": "2017-10-29T13:42:41"}, {"id": "SEAMONKEY_2_33_1.NASL", "type": "nessus", "title": "SeaMonkey < 2.33.1 Multiple Vulnerabilities", "description": "The version of Mozilla SeaMonkey installed on the remote host is prior to 2.33.1. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to just-in-time compilation for JavaScript. A remote attacker, using a specially crafted web page, can exploit this to execute arbitrary code by reading and writing to memory. (CVE-2015-0817)\n\n - A privilege escalation vulnerability exists due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to bypass same-origin policy protections, allowing a possible execution of arbitrary scripts in a privileged context. (CVE-2015-0818)", "published": "2015-03-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82042", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-10-29T13:35:48"}, {"id": "REDHAT-RHSA-2015-0718.NASL", "type": "nessus", "title": "RHEL 5 / 6 / 7 : firefox (RHSA-2015:0718)", "description": "Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 31.5.3 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "published": "2015-03-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82067", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-10-29T13:35:01"}, {"id": "CENTOS_RHSA-2015-0718.NASL", "type": "nessus", "title": "CentOS 5 / 6 / 7 : firefox (CESA-2015:0718)", "description": "Updated firefox packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters of these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain Firefox version 31.5.3 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.", "published": "2015-03-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82083", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-10-29T13:43:49"}, {"id": "OPENSUSE-2015-263.NASL", "type": "nessus", "title": "openSUSE Security Update : MozillaFirefox (openSUSE-2015-263)", "description": "MozillaFirefox was updated to Firefox 36.0.4 to fix two critical security issues found during Pwn2Own :\n\n - MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through SVG navigation\n\n - MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through incorrect JavaScript bounds checking elimination\n\nAls fixed were the following bugs :\n\n - Copy the icons to /usr/share/icons instead of symlinking them: in preparation for containerized apps (e.g.\n xdg-app) as well as AppStream metadata extraction, there are a couple locations that need to be real files for system integration (.desktop files, icons, mime-type info).\n\n - update to Firefox 36.0.1 Bugfixes :\n\n - Disable the usage of the ANY DNS query type (bmo#1093983)\n\n - Hello may become inactive until restart (bmo#1137469)\n\n - Print preferences may not be preserved (bmo#1136855)\n\n - Hello contact tabs may not be visible (bmo#1137141)\n\n - Accept hostnames that include an underscore character ('_') (bmo#1136616)\n\n - WebGL may use significant memory with Canvas2d (bmo#1137251)\n\n - Option -remote has been restored (bmo#1080319)", "published": "2015-03-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82247", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-10-29T13:36:12"}, {"id": "OPENSUSE-2015-279.NASL", "type": "nessus", "title": "openSUSE Security Update : seamonkey (openSUSE-2015-279)", "description": "SeaMonkey was updated to 2.33.1 to fix several vulnerabilities.\n\nThe following vulnerabilities were fixed :\n\n - Privilege escalation through SVG navigation (CVE-2015-0818)\n\n - Code execution through incorrect JavaScript bounds checking elimination (CVE-2015-0817)", "published": "2015-03-31T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82463", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-10-29T13:34:24"}, {"id": "UBUNTU_USN-2538-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : firefox vulnerabilities (USN-2538-1)", "description": "A flaw was discovered in the implementation of typed array bounds checking in the JavaScript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0817)\n\nMariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context. (CVE-2015-0818).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-03-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82022", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2017-10-29T13:33:10"}], "mozilla": [{"id": "MFSA2015-28", "type": "mozilla", "title": "Privilege escalation through SVG navigation", "description": "Security researcher Mariusz Mlynski reported, through HP\nZero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a\nprivileged context. This bypassed the same-origin policy protections by using a\nflaw in the processing of SVG format content navigation.\n\nAn incomplete version of this fix was shipped in Firefox 36.0.3\nand Firefox ESR 31.5.2.", "published": "2015-03-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-28/", "cvelist": ["CVE-2015-0818"], "lastseen": "2016-09-05T13:37:48"}, {"id": "MFSA2015-29", "type": "mozilla", "title": "Code execution through incorrect JavaScript bounds checking elimination", "description": "Security researcher ilxu1a reported, through HP Zero Day\nInitiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array\nbounds checking in JavaScript just-in-time compilation (JIT) and its management\nof bounds checking for heap access. This flaw can be leveraged into the reading\nand writing of memory allowing for arbitary code execution on the local system.", "published": "2015-03-20T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.mozilla.org/en-US/security/advisories/mfsa2015-29/", "cvelist": ["CVE-2015-0817"], "lastseen": "2016-09-05T13:37:51"}], "centos": [{"id": "CESA-2015:0718", "type": "centos", "title": "firefox security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0718\n\n\nMozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021044.html\n\n**Affected packages:**\nfirefox\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0718.html", "published": "2015-04-01T04:07:06", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021044.html", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2018-04-10T05:09:01"}], "redhat": [{"id": "RHSA-2015:0718", "type": "redhat", "title": "(RHSA-2015:0718) Critical: firefox security update", "description": "Mozilla Firefox is an open source web browser. XULRunner provides the XUL\nRuntime environment for Mozilla Firefox.\n\nTwo flaws were found in the processing of malformed web content. A web page\ncontaining malicious content could cause Firefox to crash or, potentially,\nexecute arbitrary code with the privileges of the user running Firefox.\n(CVE-2015-0817, CVE-2015-0818)\n\nRed Hat would like to thank the Mozilla project for reporting these issues.\nUpstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters\nof these issues.\n\nAll Firefox users should upgrade to these updated packages, which contain\nFirefox version 31.5.3 ESR, which corrects these issues. After installing\nthe update, Firefox must be restarted for the changes to take effect.\n", "published": "2015-03-24T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0718", "cvelist": ["CVE-2015-0817", "CVE-2015-0818"], "lastseen": "2018-04-15T14:25:10"}], "oraclelinux": [{"id": "ELSA-2015-0718", "type": "oraclelinux", "title": "firefox security update", "description": "[31.5.3-1.0.1.el5_11]\n- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html\n and remove the corresponding Red Hat files\n[31.5.3-1]\n- Update to 31.5.3 ESR\n[31.5.2-1]\n- Update to 31.5.2 ESR\n[31.5.1-1]\n- Update to 31.5.1 ESR", "published": "2015-03-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0718.html", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2016-09-04T11:16:41"}], "archlinux": [{"id": "ASA-201503-21", "type": "archlinux", "title": "firefox: multiple issues", "description": "- CVE-2015-0817 (arbitrary remote code execution):\n\nSecurity researcher ilxu1a reported, through HP Zero Day Initiative's\nPwn2Own contest, a flaw in Mozilla's implementation of typed array\nbounds checking in JavaScript just-in-time compilation (JIT) and its\nmanagement of bounds checking for heap access. This flaw can be\nleveraged into the reading and writing of memory allowing for arbitary\ncode execution on the local system.\n\n- CVE-2015-0818 (same-origin policy bypass):\n\nSecurity researcher Mariusz Mlynski reported, through HP Zero Day\nInitiative's Pwn2Own contest, a method to run arbitrary scripts in a\nprivileged context. This bypassed the same-origin policy protections by\nusing a flaw in the processing of SVG format content navigation.", "published": "2015-03-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2016-09-02T18:44:47"}], "suse": [{"id": "OPENSUSE-SU-2015:0607-1", "type": "suse", "title": "Security update for MozillaFirefox (important)", "description": "MozillaFirefox was updated to Firefox 36.0.4 to fix two critical security\n issues found during Pwn2Own:\n\n * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through\n SVG navigation\n\n * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through\n incorrect JavaScript bounds checking elimination\n\n Als fixed were the following bugs:\n - Copy the icons to /usr/share/icons instead of symlinking them: in\n preparation for containerized apps (e.g. xdg-app) as well as AppStream\n metadata extraction, there are a couple locations that need to be real\n files for system integration (.desktop files, icons, mime-type info).\n\n - update to Firefox 36.0.1 Bugfixes:\n * Disable the usage of the ANY DNS query type (bmo#1093983)\n * Hello may become inactive until restart (bmo#1137469)\n * Print preferences may not be preserved (bmo#1136855)\n * Hello contact tabs may not be visible (bmo#1137141)\n * Accept hostnames that include an underscore character ("_")\n (bmo#1136616)\n * WebGL may use significant memory with Canvas2d (bmo#1137251)\n * Option -remote has been restored (bmo#1080319)\n\n", "published": "2015-03-26T08:04:49", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00030.html", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2016-09-04T11:18:23"}, {"id": "OPENSUSE-SU-2015:0636-1", "type": "suse", "title": "Security update for seamonkey (important)", "description": "SeaMonkey was updated to 2.33.1 to fix several vulnerabilities.\n\n The following vulnerabilities were fixed:\n\n * Privilege escalation through SVG navigation (CVE-2015-0818)\n * Code execution through incorrect JavaScript bounds checking elimination\n (CVE-2015-0817)\n\n", "published": "2015-03-30T23:04:47", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00036.html", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2016-09-04T11:27:16"}, {"id": "SUSE-SU-2015:0593-1", "type": "suse", "title": "Security update for Mozilla Firefox (important)", "description": "MozillaFirefox was updated to the 31.5.3ESR release to fix two security\n vulnerabilities:\n\n *\n\n MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported,\n through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking for heap access.\n This flaw can be leveraged into the reading and writing of memory allowing\n for arbitary code execution on the local system.\n\n *\n\n MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski\n reported, through HP Zero Day Initiative's Pwn2Own contest, a method to\n run arbitrary scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the processing of SVG\n format content navigation.\n\n Security Issues:\n\n * CVE-2015-0817\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817</a>>\n * CVE-2015-0818\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818</a>>\n\n", "published": "2015-03-25T04:04:55", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.html", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2016-09-04T11:40:21"}, {"id": "SUSE-SU-2015:0593-2", "type": "suse", "title": "Security update for MozillaFirefox (important)", "description": "MozillaFirefox was updated to the 31.5.3ESR release to fix two security\n vulnerabilities:\n\n *\n\n MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported,\n through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking for heap access.\n This flaw can be leveraged into the reading and writing of memory allowing\n for arbitrary code execution on the local system.\n\n *\n\n MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski\n reported, through HP Zero Day Initiative's Pwn2Own contest, a method to\n run arbitrary scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the processing of SVG\n format content navigation.\n\n Security Issues:\n\n * CVE-2015-0817\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817</a>>\n * CVE-2015-0818\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818</a>>\n\n", "published": "2015-03-28T01:05:57", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00034.html", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2016-09-04T11:57:33"}, {"id": "SUSE-SU-2015:0630-1", "type": "suse", "title": "Security update for MozillaFirefox (important)", "description": "MozillaFirefox was updated to the 31.5.3ESR release to fix two security\n vulnerabilities:\n\n MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through\n HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's\n implementation of typed array bounds checking in JavaScript just-in-time\n compilation (JIT) and its management of bounds checking for heap access.\n This flaw can be leveraged into the reading and writing of memory allowing\n for arbitary code execution on the local system.\n\n MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski\n reported, through HP Zero Day Initiative's Pwn2Own contest, a method to\n run arbitrary scripts in a privileged context. This bypassed the\n same-origin policy protections by using a flaw in the processing of SVG\n format content navigation.\n\n", "published": "2015-03-30T19:04:59", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.html", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2016-09-04T11:18:43"}, {"id": "OPENSUSE-SU-2015:0567-1", "type": "suse", "title": "update to Firefox 31.5.3 (important)", "description": "Update to Firefox 31.5.3 (bnc#923534)\n * MFSA 2015-28/CVE-2015-0818 (bmo#1144988) Privilege escalation through\n SVG navigation\n * MFSA 2015-29/CVE-2015-0817 (bmo#1145255) Code execution through\n incorrect JavaScript bounds checking elimination\n\n - update to Firefox 31.5.0esr (bnc#917597)\n * MFSA 2015-11/CVE-2015-0836 Miscellaneous memory safety hazards\n * MFSA 2015-12/CVE-2015-0833 (bmo#945192) Invoking Mozilla updater will\n load locally stored DLL files (Windows only)\n * MFSA 2015-16/CVE-2015-0831 (bmo#1130514) Use-after-free in IndexedDB\n * MFSA 2015-19/CVE-2015-0827 (bmo#1117304) Out-of-bounds read and write\n while rendering SVG content\n * MFSA 2015-24/CVE-2015-0822 (bmo#1110557) Reading of local files\n through manipulation of form autocomplete\n\n", "published": "2015-03-22T21:04:42", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html", "cvelist": ["CVE-2015-0831", "CVE-2015-0818", "CVE-2015-0817", "CVE-2015-0836", "CVE-2015-0822", "CVE-2015-0827", "CVE-2015-0833"], "lastseen": "2016-09-04T11:28:41"}], "kaspersky": [{"id": "KLA10477", "type": "kaspersky", "title": "\r KLA10477Multiple vulnerabilities in Mozilla Firefox\t\t\t ", "description": "### *CVSS*:\n7.5\n\n### *Detect date*:\n03/20/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn unspecified vulnerability was found in Mozilla products. By exploiting this vulnerability malicious users execute arbitrary code or gain privileges. This vulnerability can be exploited remotely via a SVG navigation or vectors related to Java-Script JIT.\n\n### *Affected products*:\nFirefox versions earlier than 36.0.4 \nFirefox ESR versions earlier than 31.5.3 \nSeaMonkey versions earlier than 2.33.1\n\n### *Solution*:\nUpdate to latest version!\n\n### *Original advisories*:\n[MFSA](<https://www.mozilla.org/en-US/security/advisories/>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Mozilla SeaMonkey](<https://threats.kaspersky.com/en/product/Mozilla-SeaMonkey/>)\n\n### *CVE-IDS*:\n[CVE-2015-0817](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0817>) \n[CVE-2015-0818](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0818>)", "published": "2015-03-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10477", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2018-03-30T14:11:47"}], "ubuntu": [{"id": "USN-2538-1", "type": "ubuntu", "title": "Firefox vulnerabilities", "description": "A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0817)\n\nMariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context. (CVE-2015-0818)", "published": "2015-03-22T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/2538-1/", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2018-03-29T18:19:39"}], "freebsd": [{"id": "76FF65F4-17CA-4D3F-864A-A3D6026194FB", "type": "freebsd", "title": "mozilla -- multiple vulnerabilities", "description": "\nThe Mozilla Project reports:\n\nMFSA-2015-28 Privilege escalation through SVG navigation\nMFSA-2015-29 Code execution through incorrect JavaScript\n\t bounds checking elimination\n\n", "published": "2015-03-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/76ff65f4-17ca-4d3f-864a-a3d6026194fb.html", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2016-09-26T17:24:20"}], "debian": [{"id": "DSA-3201", "type": "debian", "title": "iceweasel -- security update", "description": "Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2015-0817](<https://security-tracker.debian.org/tracker/CVE-2015-0817>)\n\nilxu1a reported a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitary code execution on the local system.\n\n * [CVE-2015-0818](<https://security-tracker.debian.org/tracker/CVE-2015-0818>)\n\nMariusz Mlynski discovered a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 31.5.3esr-1~deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 31.5.3esr-1.\n\nWe recommend that you upgrade your iceweasel packages.", "published": "2015-03-22T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3201", "cvelist": ["CVE-2015-0818", "CVE-2015-0817"], "lastseen": "2016-09-02T18:19:43"}], "gentoo": [{"id": "GLSA-201504-01", "type": "gentoo", "title": "Mozilla Products: Multiple vulnerabilities", "description": "### Background\n\nMozilla Firefox is an open-source web browser and Mozilla Thunderbird an open-source email client, both from the Mozilla Project. The SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the \u2018Mozilla Application Suite\u2019. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Firefox, Thunderbird, and SeaMonkey. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll firefox users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-31.5.3\"\n \n\nAll firefox-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/firefox-bin-31.5.3\"\n \n\nAll thunderbird users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/thunderbird-31.5.0\"\n \n\nAll thunderbird-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=mail-client/thunderbird-bin-31.5.0\"\n \n\nAll seamonkey users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-2.33.1\"\n \n\nAll seamonkey-bin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/seamonkey-bin-2.33.1\"\n \n\nAll nspr users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/nspr-4.10.6\"", "published": "2015-04-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201504-01", "cvelist": ["CVE-2015-0824", "CVE-2014-1505", "CVE-2014-1536", "CVE-2014-1577", "CVE-2014-1513", "CVE-2013-5601", "CVE-2013-5612", "CVE-2015-0831", "CVE-2013-5595", "CVE-2014-1530", "CVE-2014-1590", "CVE-2014-1586", "CVE-2014-1583", "CVE-2015-0832", "CVE-2013-5616", "CVE-2013-5607", "CVE-2014-1510", "CVE-2014-1566", "CVE-2013-5598", "CVE-2013-5613", "CVE-2014-1522", "CVE-2014-1587", "CVE-2014-1567", "CVE-2014-1481", "CVE-2014-1539", "CVE-2014-1487", "CVE-2015-0825", "CVE-2014-1594", "CVE-2014-1538", "CVE-2013-5609", "CVE-2015-0821", "CVE-2014-1525", "CVE-2013-5619", "CVE-2014-1509", "CVE-2014-1494", "CVE-2014-1559", "CVE-2014-1537", "CVE-2014-1582", "CVE-2014-1523", "CVE-2014-1576", "CVE-2014-8631", "CVE-2013-5615", "CVE-2014-1529", "CVE-2015-0828", "CVE-2013-5597", "CVE-2014-1543", "CVE-2014-1486", "CVE-2013-5590", "CVE-2013-5605", "CVE-2013-5610", "CVE-2014-1532", "CVE-2013-6671", "CVE-2014-1548", "CVE-2014-1584", "CVE-2014-1588", "CVE-2015-0826", "CVE-2014-1531", "CVE-2014-1508", "CVE-2014-1502", "CVE-2014-1542", "CVE-2014-1477", "CVE-2014-1578", "CVE-2013-1741", "CVE-2014-1540", "CVE-2014-1534", "CVE-2014-8642", "CVE-2014-1482", "CVE-2014-8637", "CVE-2014-1479", "CVE-2014-1504", "CVE-2014-8636", "CVE-2014-1580", "CVE-2014-1511", "CVE-2015-0819", "CVE-2014-1520", "CVE-2015-0834", "CVE-2014-1545", "CVE-2013-5592", "CVE-2014-1492", "CVE-2014-1556", "CVE-2013-5606", "CVE-2015-0818", "CVE-2014-1563", "CVE-2014-1524", "CVE-2014-8632", "CVE-2014-1512", "CVE-2014-1581", "CVE-2013-5604", "CVE-2014-1514", "CVE-2014-1592", "CVE-2014-8641", "CVE-2014-1490", "CVE-2015-0835", "CVE-2014-1498", "CVE-2014-1589", "CVE-2014-1565", "CVE-2014-1568", "CVE-2014-1555", "CVE-2014-1564", "CVE-2014-1574", "CVE-2014-1558", "CVE-2014-1551", "CVE-2014-1519", "CVE-2014-1547", "CVE-2014-1480", "CVE-2014-5369", "CVE-2014-1500", "CVE-2014-1497", "CVE-2013-5596", "CVE-2014-1478", "CVE-2014-1485", "CVE-2015-0817", "CVE-2014-1493", "CVE-2014-1544", "CVE-2014-8634", "CVE-2013-2566", "CVE-2015-0823", "CVE-2013-5603", "CVE-2013-6673", "CVE-2014-1562", "CVE-2015-0836", "CVE-2014-1541", "CVE-2014-1488", "CVE-2014-1552", "CVE-2013-5599", "CVE-2014-1553", "CVE-2014-8639", "CVE-2015-0829", "CVE-2014-1549", "CVE-2013-5591", "CVE-2013-5602", "CVE-2015-0822", "CVE-2014-1496", "CVE-2014-1554", "CVE-2015-0830", "CVE-2015-0827", "CVE-2014-8640", "CVE-2014-1557", "CVE-2014-1526", "CVE-2013-5593", "CVE-2014-1550", "CVE-2014-1533", "CVE-2014-1491", "CVE-2013-6672", "CVE-2013-5614", "CVE-2014-1575", "CVE-2014-8635", "CVE-2014-8638", "CVE-2014-1560", "CVE-2014-1585", "CVE-2014-1483", "CVE-2014-1489", "CVE-2014-1591", "CVE-2014-1593", "CVE-2015-0820", "CVE-2013-5600", "CVE-2014-1499", "CVE-2014-1518", "CVE-2014-1561", "CVE-2015-0833", "CVE-2013-5618"], "lastseen": "2016-09-06T19:46:40"}]}}