|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2015-0802: MozillaFirefox: Windows can retain access to privileged content on navigation to unprivileged pages (MFSA 2015-42) | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Andreas Stieger <astieger> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED DUPLICATE | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | pcerny |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | openSUSE 13.2 | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 925368 | ||
Update for openSUSE 13.1 and 13.2 is running, assigning openSUSE only bugs back to security team. merge into parent *** This bug has been marked as a duplicate of bug 925368 *** openSUSE-SU-2015:0677-1: An update that fixes 15 vulnerabilities is now available. Category: security (important) Bug References: 925368,925392,925393,925394,925395,925396,925397,925398,925399,925400,925401,925402,926166 CVE References: CVE-2015-0799,CVE-2015-0801,CVE-2015-0802,CVE-2015-0803,CVE-2015-0804,CVE-2015-0805,CVE-2015-0806,CVE-2015-0807,CVE-2015-0808,CVE-2015-0811,CVE-2015-0812,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816 Sources used: openSUSE 13.2 (src): MozillaFirefox-37.0.1-23.1, MozillaThunderbird-31.6.0-15.3, mozilla-nspr-4.10.8-6.1 openSUSE 13.1 (src): MozillaFirefox-37.0.1-68.1, MozillaThunderbird-31.6.0-70.50.2, mozilla-nspr-4.10.8-22.1 |
Windows can retain access to privileged content on navigation to unprivileged pages Announced: March 31, 2015 Reporter: Bobby Holley Impact: Moderate Products: Firefox Fixed in: Firefox 37 Description Mozilla developer Bobby Holley reported that windows created to hold privileged UI content retained access to privileged internal methods if later navigated to unprivileged content. If a separate flaw was found that allowed for web content to reference these privileged windows, an attacker could use this reference to navigate them to their own content allowing for an escalation of privilege and arbitrary code execution. On its own, this flaw does not allow for privilege escalation by web content. References: https://www.mozilla.org/en-US/security/advisories/mfsa2015-42/ https://bugzilla.mozilla.org/show_bug.cgi?id=1124898 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0802