Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11616

HistoryJan 15, 2019 - 9:05 a.m.

Arbitrary Code Execution

2019-01-1509:05:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

firefox is vulnerable to arbitrary code execution attacks. The vulnerability exists as Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

CPENameOperatorVersion
firefoxeq3.6.17__1.el6_0
firefoxeq31.5.0__1.el6_6
firefoxeq24.4.0__1.el6_5
firefoxeq10.0.5__1.el6_2
firefoxeq10.0.8__1.el6_3
firefoxeq1.5.0.12__15.el5_1
firefoxeq3.6.14__4.el6_0
firefoxeq17.0.10__1.el6_4
firefoxeq3.6.26__1.el5_7
firefoxeq31.5.3__1.el5_11

Rows per page:

1-10 of 2251

References

lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

rhn.redhat.com/errata/RHSA-2015-0766.html

rhn.redhat.com/errata/RHSA-2015-0766.html

rhn.redhat.com/errata/RHSA-2015-0771.html

rhn.redhat.com/errata/RHSA-2015-0771.html

www.debian.org/security/2015/dsa-3211

www.debian.org/security/2015/dsa-3211

www.debian.org/security/2015/dsa-3212

www.debian.org/security/2015/dsa-3212

www.mozilla.org/security/announce/2015/mfsa2015-40.html

www.mozilla.org/security/announce/2015/mfsa2015-40.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.securityfocus.com/bid/73455

www.securityfocus.com/bid/73455

www.securitytracker.com/id/1031996

www.securitytracker.com/id/1031996

www.securitytracker.com/id/1032000

www.securitytracker.com/id/1032000

www.ubuntu.com/usn/USN-2550-1

www.ubuntu.com/usn/USN-2550-1

www.ubuntu.com/usn/USN-2552-1

www.ubuntu.com/usn/USN-2552-1

access.redhat.com/security/updates/classification/#critical

bugzilla.mozilla.org/show_bug.cgi?id=1146339

bugzilla.mozilla.org/show_bug.cgi?id=1146339

rhn.redhat.com/errata/RHSA-2015-0766.html

security.gentoo.org/glsa/201512-10

security.gentoo.org/glsa/201512-10

www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr31.6

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Related for VERACODE:11616

ubuntucve2 prion2 cve2 nessus42 mozilla2 zdi1 openvas57 debian5 redhat3 kaspersky1 mageia4 suse11 archlinux3 veracode5 centos3 freebsd2 ubuntu3 oraclelinux3 osv1 ibm2 securityvulns2 gentoo2