What is CVE-2015-0802?

CVE-2015-0802 is a vulnerability in Mozilla Firefox, classified under CWE-264. Published 2015-04-01.

Is CVE-2015-0802 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mozilla Firefox

CVE-2015-0802

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via cert…

EPSS: 0.804 (99.1th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox
Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
Opensuse — versions 13.1, 13.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

security@mozilla.org (x_refsource_CONFIRM)
1031996 (vdb-entry, x_refsource_SECTRACK)
GLSA-201512-10 (vendor-advisory, x_refsource_GENTOO)
security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
37958 (exploit, x_refsource_EXPLOIT-DB)
security@mozilla.org (x_refsource_CONFIRM)
USN-2550-1 (x_refsource_UBUNTU, vendor-advisory)
openSUSE-SU-2015:0677 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2015-0802?: CVE-2015-0802 is a vulnerability in Mozilla Firefox, classified under CWE-264. Published 2015-04-01.
Is CVE-2015-0802 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.