- Home
- CVEs with nessus.description==Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801)
Christoph Kerschbaumer discovered that CORS requests from navigator.sendBeacon() followed 30x redirections after preflight. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2015-0807)
Aki Helin discovered a use-after-free when playing MP3 audio files using the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0813)
Christian Holler, Steve Fink, and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. (CVE-2015-0815)
Mariusz Mlynski discovered that documents loaded via resource: URLs (such as PDF.js) could load privileged chrome pages. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. (CVE-2015-0816).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top