Lucene search

K

Veracode Vulnerability DatabaseVERACODE:11616

HistoryJan 15, 2019 - 9:05 a.m.

Arbitrary Code Execution

2019-01-1509:05:01

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

20

EPSS

0.078

Percentile

94.2%

firefox is vulnerable to arbitrary code execution attacks. The vulnerability exists as Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

References

lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html

lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

rhn.redhat.com/errata/RHSA-2015-0766.html

rhn.redhat.com/errata/RHSA-2015-0766.html

rhn.redhat.com/errata/RHSA-2015-0771.html

rhn.redhat.com/errata/RHSA-2015-0771.html

www.debian.org/security/2015/dsa-3211

www.debian.org/security/2015/dsa-3211

www.debian.org/security/2015/dsa-3212

www.debian.org/security/2015/dsa-3212

www.mozilla.org/security/announce/2015/mfsa2015-40.html

www.mozilla.org/security/announce/2015/mfsa2015-40.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.securityfocus.com/bid/73455

www.securityfocus.com/bid/73455

www.securitytracker.com/id/1031996

www.securitytracker.com/id/1031996

www.securitytracker.com/id/1032000

www.securitytracker.com/id/1032000

www.ubuntu.com/usn/USN-2550-1

www.ubuntu.com/usn/USN-2550-1

www.ubuntu.com/usn/USN-2552-1

www.ubuntu.com/usn/USN-2552-1

access.redhat.com/security/updates/classification/#critical

bugzilla.mozilla.org/show_bug.cgi?id=1146339

bugzilla.mozilla.org/show_bug.cgi?id=1146339

rhn.redhat.com/errata/RHSA-2015-0766.html

security.gentoo.org/glsa/201512-10

security.gentoo.org/glsa/201512-10

www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr31.6

EPSS

0.078

Percentile

94.2%

Related for VERACODE:11616

ubuntucve2 cvelist2 nvd2 cve2 prion2 nessus42 openvas57 zdi1 mozilla2 suse11 archlinux3 kaspersky1 mageia4 redhat3 debian5 oraclelinux3 osv1 veracode5 freebsd2 centos3 ubuntu3 ibm2 securityvulns2 gentoo2