Lucene search
Mariusz MlynskiZDI-15-110HistoryApr 03, 2015 - 12:00 a.m.
(Pwn2Own) Mozilla Firefox resource: URL Remote Code Execution Vulnerability
2015-04-0300:00:00
Mariusz Mlynski
www.zerodayinitiative.com
18
EPSS
0.961
Percentile
99.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of documents loaded through the resource: URL. As the same flag was used for chrome: and resource: URLs, these pages were able to subsequently load privileged chrome pages. By combining this with a same-origin policy bypass, an attacker could execute arbitrary code in the context of the current user.
Related
nvd
nvd
CVE-2015-0816
2015-04-01 10:59:14
mozilla
mozilla
resource:// documents can load privileged pages — Mozilla
2015-03-31 00:00:00
prion
prion
Design/Logic Flaw
2015-04-01 10:59:00
cve
cve
CVE-2015-0816
2015-04-01 10:59:14
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-33) - Linux
2021-11-11 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities-01 (Apr 2015) - Mac OS X
2015-04-06 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities-01 (Apr 2015) - Windows
2015-04-06 00:00:00
zdt
zdt
Firefox PDF.js Privileged Javascript Injection Exploit
2015-08-23 00:00:00
cvelist
cvelist
CVE-2015-0816
2015-04-01 10:00:00
ubuntucve
ubuntucve
CVE-2015-0816
2015-04-01 00:00:00
packetstorm
packetstorm
Firefox PDF.js Privileged Javascript Injection
2015-08-23 00:00:00
checkpoint_advisories
checkpoint_advisories
Firefox PDF.js Javascript Injection (CVE-2015-0802; CVE-2015-0816)
2017-08-29 00:00:00
nessus
nessus
Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150401)
2015-04-02 00:00:00
Debian DSA-3211-1 : iceweasel - security update
2015-04-02 00:00:00
RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:0771)
2015-04-02 00:00:00
debian
debian
[SECURITY] [DSA 3211-1] iceweasel security update
2015-04-01 16:10:19
[SECURITY] [DSA 3212-1] icedove security update
2015-04-02 20:35:14
[SECURITY] [DSA 3211-1] iceweasel security update
2015-04-01 16:10:19
centos
centos
firefox, xulrunner security update
2015-03-31 23:44:15
thunderbird security update
2015-04-01 14:33:26
veracode
veracode
Cross-Site Request Forgery (CSRF)
2019-05-02 05:12:57
Arbitrary Code Execution
2019-05-02 05:12:58
Denial Of Service (DoS)
2019-05-02 05:12:58
archlinux
archlinux
thunderbird: multiple issues
2015-04-04 00:00:00
firefox: multiple issues
2015-04-01 00:00:00
oraclelinux
oraclelinux
firefox security update
2015-04-01 00:00:00
thunderbird security update
2015-04-01 00:00:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2015-04-02 00:00:00
Firefox vulnerabilities
2015-04-01 00:00:00
redhat
redhat
(RHSA-2015:0771) Important: thunderbird security update
2015-04-01 00:00:00
(RHSA-2015:0766) Critical: firefox security update
2015-03-31 00:00:00
mageia
mageia
Updated firefox & thunderbird packages fix security vulnerabilities
2015-04-03 16:11:23
Updated iceape packages fix security vulnerabilities
2015-09-08 10:20:40
suse
suse
Security update for MozillaFirefox (important)
2015-04-10 17:04:55
Security update for MozillaFirefox (important)
2015-04-10 18:04:46
Update to Firefox 31.7.0esr (important)
2015-05-18 13:04:51
kaspersky
kaspersky
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-03-31 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2015-04-08 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2015-12-30 00:00:00