Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2015-7214

Published: 16/12/2015 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Opensuse

Vulnerability Summary

Mozilla Firefox prior to 43.0 and Firefox ESR 38.x prior to 38.5 allow remote malicious users to bypass the Same Origin Policy via data: and view-source: URIs.

Vulnerable Product Search on Vulmon Subscribe to Product

opensuse opensuse 13.2

opensuse opensuse 13.1

opensuse leap 42.1

mozilla firefox esr 38.2.0

mozilla firefox esr 38.2.1

mozilla firefox esr 38.0.1

mozilla firefox esr 38.0.5

mozilla firefox esr 38.1.0

mozilla firefox esr 38.1.1

mozilla firefox esr 38.0

mozilla firefox esr 38.3.0

mozilla firefox esr 38.4.0

mozilla firefox

fedoraproject fedora 23

fedoraproject fedora 22

Vendor Advisories

Red Hat: Critical: firefox security update
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5, 6, and 7Red Hat Product Security has rated this update as having Critical securityimpact Common Vulnerabili ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An updated thunderbird package that fixes multiple security issues is nowavailable for Red Hat Enterprise Linux 5, 6, and 7Red Hat Product Security has rated this update as having Important securityimpact Comm ...
Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Debian Security Advisories: DSA-3432-1 icedove -- security update
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service For the oldstable distribution (wheezy), these problems have been fixed in ...
Mozilla: Cross-site reading attack through data and view-source URIs
Mozilla Foundation Security Advisory 2015-149 Cross-site reading attack through data and view-source URIs Announced December 15, 2015 Reporter Tsubasa Iinuma Impact Critical Products Firefox, Firefox ESR, Firefox OS, Thunderb ...
Red Hat: CVE-2015-7214
Mozilla Firefox before 430 and Firefox ESR 38x before 385 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs ...

Github Repositories

https://github.com/llamakko/CVE-2015-7214

[Firefox] SOP bypass PoC for CVE-2015-7214 (MFSA 2015-149)

CVE-2015-7214 What is CVE-2015-7214? Please see the following link Cross-site reading attack through data and view-source URIs Contents www/indexhtml SOP bypass PoC for Web local/indexhtml SOP bypass PoC for local Requirements Firefox version 420 or earlier The following is the download link of Firefox 420 for each platform Windows ftpmozillaorg/pub/

References

CWE-200http://www.mozilla.org/security/announce/2015/mfsa2015-149.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1228950http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.htmlhttp://lists.opensuse.org/opensuse-updates/2016-02/msg00008.htmlhttp://lists.opensuse.org/opensuse-updates/2016-02/msg00007.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.securityfocus.com/bid/79279http://www.securitytracker.com/id/1034426http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00038.htmlhttps://security.gentoo.org/glsa/201512-10http://www.ubuntu.com/usn/USN-2859-1http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00021.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00022.htmlhttp://www.debian.org/security/2015/dsa-3422http://www.ubuntu.com/usn/USN-2833-1http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00049.htmlhttp://rhn.redhat.com/errata/RHSA-2015-2657.htmlhttp://lists.opensuse.org/opensuse-updates/2015-12/msg00104.htmlhttp://www.debian.org/security/2016/dsa-3432https://access.redhat.com/errata/RHSA-2015:2657https://usn.ubuntu.com/2833-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-7214
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook