Lucene search
MozillaCVE-2015-0820HistoryFeb 25, 2015 - 11:59 a.m.
CVE-2015-0820
2015-02-2511:59:01
CWE-284
mozilla
web.nvd.nist.gov
48
mozilla firefox
cve-2015-0820
sandbox bypass
web security
nvd
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
AI Score
9.1
Confidence
High
EPSS
0.004
Percentile
73.4%
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site.
Affected configurations
Node
opensuseopensuseMatch13.1
ORopensuseopensuseMatch13.2
Node
mozillafirefoxRange≤35.0.1
ORmozillafirefoxMatch0.1
ORmozillafirefoxMatch0.2
ORmozillafirefoxMatch0.3
ORmozillafirefoxMatch0.4
ORmozillafirefoxMatch0.5
ORmozillafirefoxMatch0.6
ORmozillafirefoxMatch0.6.1
ORmozillafirefoxMatch0.7
ORmozillafirefoxMatch0.7.1
ORmozillafirefoxMatch0.8
ORmozillafirefoxMatch0.9
ORmozillafirefoxMatch0.9rc
ORmozillafirefoxMatch0.9.1
ORmozillafirefoxMatch0.9.2
ORmozillafirefoxMatch0.9.3
ORmozillafirefoxMatch0.10
ORmozillafirefoxMatch0.10.1
ORmozillafirefoxMatch1.0
ORmozillafirefoxMatch1.0preview_release
ORmozillafirefoxMatch1.0.1
ORmozillafirefoxMatch1.0.2
ORmozillafirefoxMatch1.0.3
ORmozillafirefoxMatch1.0.4
ORmozillafirefoxMatch1.0.5
ORmozillafirefoxMatch1.0.6
ORmozillafirefoxMatch1.0.7
ORmozillafirefoxMatch1.0.8
ORmozillafirefoxMatch1.4.1
ORmozillafirefoxMatch1.5
ORmozillafirefoxMatch1.5beta1
ORmozillafirefoxMatch1.5beta2
ORmozillafirefoxMatch1.5.0.1
ORmozillafirefoxMatch1.5.0.2
ORmozillafirefoxMatch1.5.0.3
ORmozillafirefoxMatch1.5.0.4
ORmozillafirefoxMatch1.5.0.5
ORmozillafirefoxMatch1.5.0.6
ORmozillafirefoxMatch1.5.0.7
ORmozillafirefoxMatch1.5.0.8
ORmozillafirefoxMatch1.5.0.9
ORmozillafirefoxMatch1.5.0.10
ORmozillafirefoxMatch1.5.0.11
ORmozillafirefoxMatch1.5.0.12
ORmozillafirefoxMatch1.5.1
ORmozillafirefoxMatch1.5.2
ORmozillafirefoxMatch1.5.3
ORmozillafirefoxMatch1.5.4
ORmozillafirefoxMatch1.5.5
ORmozillafirefoxMatch1.5.6
ORmozillafirefoxMatch1.5.7
ORmozillafirefoxMatch1.5.8
ORmozillafirefoxMatch1.8
ORmozillafirefoxMatch2.0
ORmozillafirefoxMatch2.0.0.1
ORmozillafirefoxMatch2.0.0.2
ORmozillafirefoxMatch2.0.0.3
ORmozillafirefoxMatch2.0.0.4
ORmozillafirefoxMatch2.0.0.5
ORmozillafirefoxMatch2.0.0.6
ORmozillafirefoxMatch2.0.0.7
ORmozillafirefoxMatch2.0.0.8
ORmozillafirefoxMatch2.0.0.9
ORmozillafirefoxMatch2.0.0.10
ORmozillafirefoxMatch2.0.0.11
ORmozillafirefoxMatch2.0.0.12
ORmozillafirefoxMatch2.0.0.13
ORmozillafirefoxMatch2.0.0.14
ORmozillafirefoxMatch2.0.0.15
ORmozillafirefoxMatch2.0.0.16
ORmozillafirefoxMatch2.0.0.17
ORmozillafirefoxMatch2.0.0.18
ORmozillafirefoxMatch2.0.0.19
ORmozillafirefoxMatch2.0.0.20
ORmozillafirefoxMatch3.0
ORmozillafirefoxMatch3.0.1
ORmozillafirefoxMatch3.0.2
ORmozillafirefoxMatch3.0.3
ORmozillafirefoxMatch3.0.4
ORmozillafirefoxMatch3.0.5
ORmozillafirefoxMatch3.0.6
ORmozillafirefoxMatch3.0.7
ORmozillafirefoxMatch3.0.8
ORmozillafirefoxMatch3.0.9
ORmozillafirefoxMatch3.0.10
ORmozillafirefoxMatch3.0.11
ORmozillafirefoxMatch3.0.12
ORmozillafirefoxMatch3.0.13
ORmozillafirefoxMatch3.0.14
ORmozillafirefoxMatch3.0.15
ORmozillafirefoxMatch3.0.16
ORmozillafirefoxMatch3.0.17
ORmozillafirefoxMatch3.0.18
ORmozillafirefoxMatch3.0.19
ORmozillafirefoxMatch3.5
ORmozillafirefoxMatch3.5.1
ORmozillafirefoxMatch3.5.2
ORmozillafirefoxMatch3.5.3
ORmozillafirefoxMatch3.5.4
ORmozillafirefoxMatch3.5.5
ORmozillafirefoxMatch3.5.6
ORmozillafirefoxMatch3.5.7
ORmozillafirefoxMatch3.5.8
ORmozillafirefoxMatch3.5.9
ORmozillafirefoxMatch3.5.10
ORmozillafirefoxMatch3.5.11
ORmozillafirefoxMatch3.5.12
ORmozillafirefoxMatch3.5.13
ORmozillafirefoxMatch3.5.14
ORmozillafirefoxMatch3.5.15
ORmozillafirefoxMatch3.5.16
ORmozillafirefoxMatch3.5.17
ORmozillafirefoxMatch3.5.18
ORmozillafirefoxMatch3.5.19
ORmozillafirefoxMatch3.6
ORmozillafirefoxMatch3.6.2
ORmozillafirefoxMatch3.6.3
ORmozillafirefoxMatch3.6.4
ORmozillafirefoxMatch3.6.6
ORmozillafirefoxMatch3.6.7
ORmozillafirefoxMatch3.6.8
ORmozillafirefoxMatch3.6.9
ORmozillafirefoxMatch3.6.10
ORmozillafirefoxMatch3.6.11
ORmozillafirefoxMatch3.6.12
ORmozillafirefoxMatch3.6.13
ORmozillafirefoxMatch3.6.14
ORmozillafirefoxMatch3.6.15
ORmozillafirefoxMatch3.6.16
ORmozillafirefoxMatch3.6.17
ORmozillafirefoxMatch3.6.18
ORmozillafirefoxMatch3.6.19
ORmozillafirefoxMatch3.6.20
ORmozillafirefoxMatch3.6.21
ORmozillafirefoxMatch3.6.22
ORmozillafirefoxMatch3.6.23
ORmozillafirefoxMatch3.6.24
ORmozillafirefoxMatch3.6.25
ORmozillafirefoxMatch3.6.26
ORmozillafirefoxMatch3.6.27
ORmozillafirefoxMatch3.6.28
ORmozillafirefoxMatch4.0
ORmozillafirefoxMatch4.0beta1
ORmozillafirefoxMatch4.0beta10
ORmozillafirefoxMatch4.0beta11
ORmozillafirefoxMatch4.0beta12
ORmozillafirefoxMatch4.0beta2
ORmozillafirefoxMatch4.0beta3
ORmozillafirefoxMatch4.0beta4
ORmozillafirefoxMatch4.0beta5
ORmozillafirefoxMatch4.0beta6
ORmozillafirefoxMatch4.0beta7
ORmozillafirefoxMatch4.0beta8
ORmozillafirefoxMatch4.0beta9
ORmozillafirefoxMatch4.0.1
ORmozillafirefoxMatch5.0
ORmozillafirefoxMatch5.0.1
ORmozillafirefoxMatch6.0
ORmozillafirefoxMatch6.0.1
ORmozillafirefoxMatch6.0.2
ORmozillafirefoxMatch7.0
ORmozillafirefoxMatch7.0.1
ORmozillafirefoxMatch8.0
ORmozillafirefoxMatch8.0.1
ORmozillafirefoxMatch9.0
ORmozillafirefoxMatch9.0.1
ORmozillafirefoxMatch10.0
ORmozillafirefoxMatch10.0.1
ORmozillafirefoxMatch10.0.2
ORmozillafirefoxMatch10.0.3
ORmozillafirefoxMatch10.0.4
ORmozillafirefoxMatch10.0.5
ORmozillafirefoxMatch10.0.6
ORmozillafirefoxMatch10.0.7
ORmozillafirefoxMatch10.0.8
ORmozillafirefoxMatch10.0.9
ORmozillafirefoxMatch10.0.10
ORmozillafirefoxMatch10.0.11
ORmozillafirefoxMatch10.0.12
ORmozillafirefoxMatch11.0
ORmozillafirefoxMatch12.0
ORmozillafirefoxMatch12.0beta6
ORmozillafirefoxMatch13.0
ORmozillafirefoxMatch13.0.1
ORmozillafirefoxMatch14.0
ORmozillafirefoxMatch14.0.1
ORmozillafirefoxMatch15.0
ORmozillafirefoxMatch15.0.1
ORmozillafirefoxMatch16.0
ORmozillafirefoxMatch16.0.1
ORmozillafirefoxMatch16.0.2
ORmozillafirefoxMatch17.0
ORmozillafirefoxMatch17.0.1
ORmozillafirefoxMatch17.0.2
ORmozillafirefoxMatch17.0.3
ORmozillafirefoxMatch17.0.4
ORmozillafirefoxMatch17.0.5
ORmozillafirefoxMatch17.0.6
ORmozillafirefoxMatch17.0.7
ORmozillafirefoxMatch17.0.8
ORmozillafirefoxMatch17.0.9
ORmozillafirefoxMatch17.0.10
ORmozillafirefoxMatch17.0.11
ORmozillafirefoxMatch18.0
ORmozillafirefoxMatch18.0.1
ORmozillafirefoxMatch18.0.2
ORmozillafirefoxMatch19.0
ORmozillafirefoxMatch19.0.1
ORmozillafirefoxMatch19.0.2
ORmozillafirefoxMatch20.0
ORmozillafirefoxMatch20.0.1
ORmozillafirefoxMatch21.0
ORmozillafirefoxMatch22.0
ORmozillafirefoxMatch23.0
ORmozillafirefoxMatch23.0.1
ORmozillafirefoxMatch24.0
ORmozillafirefoxMatch24.1
ORmozillafirefoxMatch24.1.1
ORmozillafirefoxMatch25.0
ORmozillafirefoxMatch25.0.1
ORmozillafirefoxMatch26.0
ORmozillafirefoxMatch27.0
ORmozillafirefoxMatch27.0.1
ORmozillafirefoxMatch28.0
ORmozillafirefoxMatch29.0
ORmozillafirefoxMatch29.0.1
ORmozillafirefoxMatch30.0
ORmozillafirefoxMatch31.0
ORmozillafirefoxMatch31.1.0
ORmozillafirefoxMatch32.0
ORmozillafirefoxMatch33.0
ORmozillafirefoxMatch34.0.5
Node
canonicalubuntu_linuxMatch12.04lts
ORcanonicalubuntu_linuxMatch14.04lts
ORcanonicalubuntu_linuxMatch14.10
| Vendor | Product | Version | CPE |
|---|---|---|---|
| opensuse | opensuse | 13.1 | cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* |
| opensuse | opensuse | 13.2 | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
| mozilla | firefox | * | cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* |
| mozilla | firefox | 0.1 | cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:* |
| mozilla | firefox | 0.2 | cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:* |
| mozilla | firefox | 0.3 | cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:* |
| mozilla | firefox | 0.4 | cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:* |
| mozilla | firefox | 0.5 | cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:* |
| mozilla | firefox | 0.6 | cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:* |
| mozilla | firefox | 0.6.1 | cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:* |
References
lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html
lists.opensuse.org/opensuse-updates/2015-03/msg00067.html
www.mozilla.org/security/announce/2015/mfsa2015-27.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/72757
www.ubuntu.com/usn/USN-2505-1
bugzilla.mozilla.org/show_bug.cgi?id=1125389
security.gentoo.org/glsa/201504-01
Related
cvelist
cvelist
CVE-2015-0820
2015-02-25 11:00:00
mozilla
mozilla
Caja Compiler JavaScript sandbox bypass — Mozilla
2015-02-24 00:00:00
prion
prion
Authentication flaw
2015-02-25 11:59:00
ubuntucve
ubuntucve
CVE-2015-0820
2015-02-25 00:00:00
nvd
nvd
CVE-2015-0820
2015-02-25 11:59:01
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-27) - Linux
2021-11-11 00:00:00
Ubuntu: Security Advisory (USN-2505-2)
2015-03-10 00:00:00
Mozilla Firefox Multiple Vulnerabilities-01 (Mar 2015) - Mac OS X
2015-03-03 00:00:00
ubuntu
ubuntu
Firefox regression
2015-03-09 00:00:00
Firefox vulnerabilities
2015-02-25 00:00:00
mageia
mageia
Updated iceape packages fix security vulnerabilities
2015-04-03 16:11:23
nessus
nessus
Ubuntu 14.04 LTS : Firefox regression (USN-2505-2)
2015-03-10 00:00:00
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2505-1)
2015-02-26 00:00:00
Firefox < 36.0 Multiple Vulnerabilities (Mac OS X)
2015-02-25 00:00:00
suse
suse
Security update for MozillaFirefox, mozilla-nss (important)
2015-03-01 11:04:54
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-02-24 00:00:00
kaspersky
kaspersky
KLA10464 Multiple vulnerabilities in Mozilla products
2015-02-24 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-03-22 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-04-07 00:00:00
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
AI Score
9.1
Confidence
High
EPSS
0.004
Percentile
73.4%
Related for CVE-2015-0820