Bugzilla – Bug 925402
VUL-0: CVE-2015-0802: MozillaFirefox: Windows can retain access to privileged content on navigation to unprivileged pages (MFSA 2015-42)
Last modified: 2015-04-08 09:06:51 UTC
Windows can retain access to privileged content on navigation to unprivileged pages

Announced: March 31, 2015
Reporter: Bobby Holley
Impact: Moderate
Products: Firefox
Fixed in: Firefox 37

Description

Mozilla developer Bobby Holley reported that windows created to hold privileged UI content retained access to privileged internal methods if later navigated to unprivileged content. If a separate flaw was found that allowed for web content to reference these privileged windows, an attacker could use this reference to navigate them to their own content allowing for an escalation of privilege and arbitrary code execution. On its own, this flaw does not allow for privilege escalation by web content.

References:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-42/
https://bugzilla.mozilla.org/show_bug.cgi?id=1124898
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0802
Update for openSUSE 13.1 and 13.2 is running, assigning openSUSE only bugs back to security team.
merge into parent

*** This bug has been marked as a duplicate of bug 925368 ***
openSUSE-SU-2015:0677-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 925368,925392,925393,925394,925395,925396,925397,925398,925399,925400,925401,925402,926166
CVE References: CVE-2015-0799,CVE-2015-0801,CVE-2015-0802,CVE-2015-0803,CVE-2015-0804,CVE-2015-0805,CVE-2015-0806,CVE-2015-0807,CVE-2015-0808,CVE-2015-0811,CVE-2015-0812,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816

Sources used:
openSUSE 13.2 (src): MozillaFirefox-37.0.1-23.1, MozillaThunderbird-31.6.0-15.3, mozilla-nspr-4.10.8-6.1
openSUSE 13.1 (src): MozillaFirefox-37.0.1-68.1, MozillaThunderbird-31.6.0-70.50.2, mozilla-nspr-4.10.8-22.1