What is CVE-2015-0816?

CVE-2015-0816 is a vulnerability in Mozilla Firefox, classified under CWE-264. Published 2015-04-01.

Is CVE-2015-0816 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mozilla Firefox

CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by lever…

EPSS: 0.854 (99.4th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

1031996 (vdb-entry, x_refsource_SECTRACK)
73461 (vdb-entry, x_refsource_BID)
openSUSE-SU-2015:0892 (vendor-advisory, x_refsource_SUSE)
GLSA-201512-10 (vendor-advisory, x_refsource_GENTOO)
DSA-3212 (vendor-advisory, x_refsource_DEBIAN)
37958 (exploit, x_refsource_EXPLOIT-DB)
SUSE-SU-2015:0704 (vendor-advisory, x_refsource_SUSE)
USN-2552-1 (x_refsource_UBUNTU, vendor-advisory)
security@mozilla.org (x_refsource_CONFIRM)
RHSA-2015:0766 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2015-0816?: CVE-2015-0816 is a vulnerability in Mozilla Firefox, classified under CWE-264. Published 2015-04-01.
Is CVE-2015-0816 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.