|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2015-0801: MozillaFirefox,MozillaThunderbird: Same-origin bypass through anchor navigation (MFSA 2015-40) | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Andreas Stieger <astieger> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED DUPLICATE | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | smash_bz, wolfgang |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/115393/ | ||
| Whiteboard: | maint:running:61408:moderate | ||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 925368 | ||
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-04-15. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61408 bugbot adjusting priority merge into parent *** This bug has been marked as a duplicate of bug 925368 *** openSUSE-SU-2015:0677-1: An update that fixes 15 vulnerabilities is now available. Category: security (important) Bug References: 925368,925392,925393,925394,925395,925396,925397,925398,925399,925400,925401,925402,926166 CVE References: CVE-2015-0799,CVE-2015-0801,CVE-2015-0802,CVE-2015-0803,CVE-2015-0804,CVE-2015-0805,CVE-2015-0806,CVE-2015-0807,CVE-2015-0808,CVE-2015-0811,CVE-2015-0812,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816 Sources used: openSUSE 13.2 (src): MozillaFirefox-37.0.1-23.1, MozillaThunderbird-31.6.0-15.3, mozilla-nspr-4.10.8-6.1 openSUSE 13.1 (src): MozillaFirefox-37.0.1-68.1, MozillaThunderbird-31.6.0-70.50.2, mozilla-nspr-4.10.8-22.1 |
Same-origin bypass through anchor navigation Announced: March 31, 2015 Reporter: Olli Pettay, Boris Zbarsky Impact: High Products: Firefox, Firefox ESR, Thunderbird Fixed in: Firefox 37 Firefox ESR 31.6 Thunderbird 31.6 Description Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG content navigation to bypass same-origin policy protections to run scripts in a privileged context. This newer variant found that the same flaw could be used during anchor navigation of a page, allowing bypassing of same-origin policy protections. In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts. References: https://www.mozilla.org/en-US/security/advisories/mfsa2015-40/ https://bugzilla.mozilla.org/show_bug.cgi?id=1146339 https://bugzilla.redhat.com/show_bug.cgi?id=1207084 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0801 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801