Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mozillaMozilla FoundationMFSA2015-57
HistoryMay 12, 2015 - 12:00 a.m.

Privilege escalation through IPC channel messages — Mozilla

2015-05-1200:00:00
Mozilla Foundation
www.mozilla.org
37

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.7%

JSON

Mozilla Developer Jed Davis and Mozilla security engineer Christoph Diehl reported that Mozilla had inherited a Inter-process Communication (IPC) vulnerability when IPC was introduced into Mozilla products through third-party code. This could allow for privilege escalation through IPC channels due to lack of message validation in the listener process.

Affected configurations

Vulners
Node
mozillafirefoxRange<38
OR
mozillafirefox_esrRange<31.7
OR
mozillaseamonkeyRange<2.35
OR
mozillathunderbirdRange<31.7
OR
mozillathunderbirdRange<38.0.1

Related

nvd 2
cve 2
openvas 15
debiancve 2
prion 2
ubuntucve 2
cvelist 2
redhatcve 1
alpinelinux 1
mozilla 3
nessus 28
freebsd 2
chrome 1
threatpost 1
debian 1
archlinux 1
suse 2
securityvulns 1
kaspersky 1
nvd
nvd
CVE-2011-3079
2012-05-01 10:12:04
CVE-2018-18505
2019-02-05 21:29:00
cve
cve
CVE-2011-3079
2012-05-01 10:12:04
CVE-2018-18505
2019-02-05 21:29:00
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-57) - Linux
2021-11-11 00:00:00
FreeBSD Ports: chromium
2012-05-31 00:00:00
Google Chrome Multiple Denial of Service Vulnerabilities - May 12 (Mac OS X)
2012-05-07 00:00:00
debiancve
debiancve
CVE-2011-3079
2012-05-01 10:12:00
CVE-2018-18505
2019-02-05 21:29:00
prion
prion
Information disclosure
2012-05-01 10:12:00
Authentication flaw
2019-02-05 21:29:00
ubuntucve
ubuntucve
CVE-2011-3079
2012-05-01 00:00:00
CVE-2018-18505
2019-01-30 00:00:00
cvelist
cvelist
CVE-2011-3079
2012-05-01 10:00:00
CVE-2018-18505
2019-02-05 21:00:00
redhatcve
redhatcve
CVE-2018-18505
2019-10-16 00:19:03
alpinelinux
alpinelinux
CVE-2018-18505
2019-02-05 21:29:00
mozilla
mozilla
Security vulnerabilities fixed in Firefox ESR 60.5 — Mozilla
2019-01-29 00:00:00
Security vulnerabilities fixed in Thunderbird 60.5 — Mozilla
2019-01-29 00:00:00
Security vulnerabilities fixed in Firefox 65 — Mozilla
2019-01-29 00:00:00
nessus
nessus
Mozilla Firefox ESR < 60.5
2019-01-30 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0053)
2019-08-12 00:00:00
Mozilla Firefox ESR < 60.5
2019-01-30 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-04-30 00:00:00
mozilla -- multiple vulnerabilities
2015-05-12 00:00:00
chrome
chrome
Stable Channel Update
2012-04-30 00:00:00
threatpost
threatpost
Google Fixes Five Bugs in Chrome 18
2012-05-02 11:27:02
debian
debian
[SECURITY] [DSA 3260-1] iceweasel security update
2015-05-13 17:22:46
archlinux
archlinux
[ASA-201902-2] firefox: multiple issues
2019-02-06 00:00:00
suse
suse
Update to Firefox 31.7.0esr (important)
2015-05-18 13:04:51
Mozilla (Firefox/Thunderbird) updates to 31.8.0 (important)
2015-07-18 19:07:56
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-05-13 00:00:00
kaspersky
kaspersky
KLA10584 Multiple vulnerabilities in Mozilla products
2015-05-12 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.011 Low

EPSS

Percentile

84.7%

JSON
Related for MFSA2015-57
nvd2cve2openvas15debiancve2prion2ubuntucve2cvelist2redhatcve1alpinelinux1mozilla3nessus28freebsd2chrome1threatpost1debian1archlinux1suse2securityvulns1kaspersky1