1
PublicDateAtUSN: 2015-04-01
2
Candidate: CVE-2015-0816
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0816
6
https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/
7
https://usn.ubuntu.com/usn/usn-2550-1
8
https://usn.ubuntu.com/usn/usn-2552-1
10
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird
11
before 31.6 do not properly restrict resource: URLs, which makes it easier
12
for remote attackers to execute arbitrary JavaScript code with chrome
13
privileges by leveraging the ability to bypass the Same Origin Policy, as
14
demonstrated by the resource: URL associated with PDF.js.
20
Assigned-to: chrisccoulson
23
upstream_firefox: released (37.0)
24
lucid_firefox: ignored (reached end of life)
25
precise_firefox: released (37.0+build2-0ubuntu0.12.04.1)
26
trusty_firefox: released (37.0+build2-0ubuntu0.14.04.1)
27
utopic_firefox: released (37.0+build2-0ubuntu0.14.10.1)
28
devel_firefox: released (37.0+build2-0ubuntu1)
31
upstream_thunderbird: released (31.6.0)
32
lucid_thunderbird: ignored (reached end-of-life)
33
precise_thunderbird: released (1:31.6.0+build1-0ubuntu0.12.04.1)
34
trusty_thunderbird: released (1:31.6.0+build1-0ubuntu0.14.04.1)
35
utopic_thunderbird: released (1:31.6.0+build1-0ubuntu0.14.10.1)
36
devel_thunderbird: released (1:31.6.0+build1-0ubuntu1)