Mozilla Firefox/Thunderbird Same-Origin Policy access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.4 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Mozilla Firefox and Thunderbird and classified as critical. This impacts an unknown function of the component Same-Origin Policy Handler. Executing a manipulation can lead to access control. This vulnerability is tracked as CVE-2015-0801. No exploit exists. It is suggested to upgrade the affected component.
Details
A vulnerability classified as critical was found in Mozilla Firefox and Thunderbird (Web Browser). This vulnerability affects an unknown code of the component Same-Origin Policy Handler. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability.
The weakness was disclosed 03/31/2015 by Olli Pettay and Boris Zbarsky with Mozilla as MFSA 2015-40 as confirmed security advisory (Website). The advisory is shared for download at mozilla.org. This vulnerability was named CVE-2015-0801 since 01/07/2015. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1068. The advisory points out:
Mozilla developer Christoph Kerschbaumer discovered an issue while investigating Mozilla Foundation Security Advisory 2015-03, previously reported by security researcher Muneaki Nishimura. This flaw was that a cross-origin resource sharing (CORS) request should not follow 30x redirections after preflight according to the specification. This only affects sendBeacon() requests but could allow for a potential Cross-site request forgery (XSRF) attack from malicious websites.
The vulnerability scanner Nessus provides a plugin with the ID 82495 (RHEL 5 / 6 / 7 : firefox (RHSA-2015:0766)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Red Hat Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 157079 (Oracle Enterprise Linux Security Update for firefox (ELSA-2015-0766)).
Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (102015), Tenable (82495), SecurityFocus (BID 73454†), SecurityTracker (ID 1031996†) and Vulnerability Center (SBV-49298†). Additional details are provided at bugzilla.mozilla.org. The entries VDB-74499, VDB-74500, VDB-74501 and VDB-74502 are pretty similar. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Affected
- Mozilla Firefox 36
- Mozilla Firefox ESR 31.5
- Mozilla Thunderbird 31.5
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.mozilla.org/
- Product: https://www.mozilla.org/en-US/firefox/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.4
VulDB Base Score: 7.3
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 82495
Nessus Name: RHEL 5 / 6 / 7 : firefox (RHSA-2015:0766)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 703211
OpenVAS Name: Debian Security Advisory DSA 3211-1 (iceweasel - security update)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
01/07/2015 🔍03/31/2015 🔍
03/31/2015 🔍
03/31/2015 🔍
03/31/2015 🔍
03/31/2015 🔍
04/01/2015 🔍
04/01/2015 🔍
04/01/2015 🔍
04/01/2015 🔍
10/22/2024 🔍
Sources
Vendor: mozilla.orgProduct: mozilla.org
Advisory: MFSA 2015-40
Researcher: Olli Pettay, Boris Zbarsky
Organization: Mozilla
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2015-0801 (🔍)
GCVE (CVE): GCVE-0-2015-0801
GCVE (VulDB): GCVE-100-74512
OVAL: 🔍
X-Force: 102015 - Mozilla Firefox and Thunderbird anchor navigation security bypass
SecurityFocus: 73454 - Mozilla Firefox CVE-2015-0802 Security Bypass Vulnerability
SecurityTracker: 1031996 - Mozilla Firefox Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information
Vulnerability Center: 49298 - Mozilla Firefox, Firefox ESR and Thunderbird Remote Code Execution via Vectors Involving Anchor Navigation, Medium
Misc.: 🔍
See also: 🔍
Entry
Created: 04/01/2015 13:19Updated: 10/22/2024 18:29
Changes: 04/01/2015 13:19 (78), 06/24/2017 09:28 (10), 05/02/2022 09:06 (3), 05/02/2022 09:09 (1), 10/22/2024 18:29 (15)
Complete: 🔍
Cache ID: 216:E57:103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.