CVE-2015-0801

N/A Unknown
Published: April 01, 2015 Modified: November 25, 2025
View on NVD

Description

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
Source: security@mozilla.org
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
Source: security@mozilla.org
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
Source: security@mozilla.org
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Source: security@mozilla.org
http://rhn.redhat.com/errata/RHSA-2015-0766.html
Source: security@mozilla.org
http://rhn.redhat.com/errata/RHSA-2015-0771.html
Source: security@mozilla.org
http://www.debian.org/security/2015/dsa-3211
Source: security@mozilla.org
http://www.debian.org/security/2015/dsa-3212
Source: security@mozilla.org
http://www.mozilla.org/security/announce/2015/mfsa2015-40.html
Source: security@mozilla.org
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Source: security@mozilla.org
http://www.securityfocus.com/bid/73455
Source: security@mozilla.org
http://www.securitytracker.com/id/1031996
Source: security@mozilla.org
http://www.securitytracker.com/id/1032000
Source: security@mozilla.org
http://www.ubuntu.com/usn/USN-2550-1
Source: security@mozilla.org
http://www.ubuntu.com/usn/USN-2552-1
Source: security@mozilla.org
https://bugzilla.mozilla.org/show_bug.cgi?id=1146339
Source: security@mozilla.org
https://security.gentoo.org/glsa/201512-10
Source: security@mozilla.org
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://rhn.redhat.com/errata/RHSA-2015-0766.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://rhn.redhat.com/errata/RHSA-2015-0771.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2015/dsa-3211
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2015/dsa-3212
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2015/mfsa2015-40.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/73455
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id/1031996
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id/1032000
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-2550-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-2552-1
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.mozilla.org/show_bug.cgi?id=1146339
Source: af854a3a-2127-422b-91ae-364da2661108
https://security.gentoo.org/glsa/201512-10
Source: af854a3a-2127-422b-91ae-364da2661108

34 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.2%
78th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

mozilla

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3