CVE-2015-0816

N/A Unknown

Published: April 01, 2015 Modified: November 25, 2025

Description

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2015-0766.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2015-0771.html

Source: security@mozilla.org

http://www.debian.org/security/2015/dsa-3211

Source: security@mozilla.org

http://www.debian.org/security/2015/dsa-3212

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2015/mfsa2015-33.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: security@mozilla.org

http://www.securityfocus.com/bid/73461

Source: security@mozilla.org

http://www.securitytracker.com/id/1031996

Source: security@mozilla.org

http://www.securitytracker.com/id/1032000

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2550-1

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-2552-1

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1144991

Source: security@mozilla.org

https://security.gentoo.org/glsa/201512-10

Source: security@mozilla.org

https://www.exploit-db.com/exploits/37958/

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-0766.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-0771.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3211

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3212

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2015/mfsa2015-33.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/73461

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031996

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032000

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2550-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2552-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1144991

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201512-10

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/37958/

Source: af854a3a-2127-422b-91ae-364da2661108

36 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

85.4%

99th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

mozilla

Related CVEs

CVE-2025-52691 10.0

CVE-2025-15168 7.3

CVE-2025-15167 7.3

CVE-2025-15166 7.3

CVE-2025-15165 7.3