usn-2550-1
Vulnerability from osv_ubuntu
Olli Pettay and Boris Zbarsky discovered an issue during anchor navigations in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin policy restrictions. (CVE-2015-0801)
Bobby Holley discovered that windows created to hold privileged UI content retained access to privileged internal methods if navigated to unprivileged content. An attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. (CVE-2015-0802)
Several type confusion issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0803, CVE-2015-0804)
Abhishek Arya discovered memory corruption issues during 2D graphics rendering. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0805, CVE-2015-0806)
Christoph Kerschbaumer discovered that CORS requests from navigator.sendBeacon() followed 30x redirections after preflight. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct cross-site request forgery (XSRF) attacks. (CVE-2015-0807)
Mitchell Harper discovered an issue with memory management of simple-type arrays in WebRTC. An attacker could potentially exploit this to cause undefined behaviour. (CVE-2015-0808)
Felix Gröbert discovered an out-of-bounds read in the QCMS colour management library. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information. (CVE-2015-0811)
Armin Razmdjou discovered that lightweight themes could be installed in Firefox without a user approval message, from Mozilla subdomains over HTTP without SSL. A remote attacker could potentially exploit this by conducting a Machine-In-The-Middle (MITM) attack to install themes without user approval. (CVE-2015-0812)
Aki Helin discovered a use-after-free when playing MP3 audio files using the Fluendo MP3 GStreamer plugin in certain circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0813)
Christian Holler, Andrew McCreight, Gary Kwong, Karl Tomlinson, Randell Jesup, Shu-yu Guo, Steve Fink, Tooru Fujisawa, and Byron Campen discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. (CVE-2015-0814, CVE-2015-0815)
Mariusz Mlynski discovered that documents loaded via resource: URLs (such as PDF.js) could load privileged chrome pages. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this in combination with another flaw, in order to execute arbitrary script in a privileged context. (CVE-2015-0816)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2015-0801",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0802",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0803",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0804",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0805",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0806",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0807",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0808",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0811",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0812",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0813",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0814",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0815",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2015-0816",
"severity": [
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "37.0+build2-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-globalmenu",
"binary_version": "37.0+build2-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "37.0+build2-0ubuntu0.14.04.1"
},
{
"binary_name": "firefox-testsuite",
"binary_version": "37.0+build2-0ubuntu0.14.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:14.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@37.0+build2-0ubuntu0.14.04.1?arch=source\u0026distro=trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "37.0+build2-0ubuntu0.14.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"24.0+build1-0ubuntu1",
"25.0+build3-0ubuntu0.13.10.1",
"28.0~b2+build1-0ubuntu2",
"28.0+build1-0ubuntu1",
"28.0+build2-0ubuntu1",
"28.0+build2-0ubuntu2",
"29.0+build1-0ubuntu0.14.04.2",
"30.0+build1-0ubuntu0.14.04.3",
"31.0+build1-0ubuntu0.14.04.1",
"32.0+build1-0ubuntu0.14.04.1",
"32.0.3+build1-0ubuntu0.14.04.1",
"33.0+build2-0ubuntu0.14.04.1",
"34.0+build2-0ubuntu0.14.04.1",
"35.0+build3-0ubuntu0.14.04.2",
"35.0.1+build1-0ubuntu0.14.04.1",
"36.0+build2-0ubuntu0.14.04.4",
"36.0.1+build2-0ubuntu0.14.04.1",
"36.0.4+build1-0ubuntu0.14.04.1"
]
}
],
"aliases": [],
"details": "Olli Pettay and Boris Zbarsky discovered an issue during anchor\nnavigations in some circumstances. If a user were tricked in to opening\na specially crafted website, an attacker could potentially exploit this\nto bypass same-origin policy restrictions. (CVE-2015-0801)\n\nBobby Holley discovered that windows created to hold privileged UI content\nretained access to privileged internal methods if navigated to\nunprivileged content. An attacker could potentially exploit this in\ncombination with another flaw, in order to execute arbitrary script in a\nprivileged context. (CVE-2015-0802)\n\nSeveral type confusion issues were discovered in Firefox. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-0803, CVE-2015-0804)\n\nAbhishek Arya discovered memory corruption issues during 2D graphics\nrendering. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-0805, CVE-2015-0806)\n\nChristoph Kerschbaumer discovered that CORS requests from\nnavigator.sendBeacon() followed 30x redirections after preflight. If a\nuser were tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to conduct cross-site request forgery\n(XSRF) attacks. (CVE-2015-0807)\n\nMitchell Harper discovered an issue with memory management of simple-type\narrays in WebRTC. An attacker could potentially exploit this to cause\nundefined behaviour. (CVE-2015-0808)\n\nFelix Gr\u00f6bert discovered an out-of-bounds read in the QCMS colour\nmanagement library. If a user were tricked in to opening a specially\ncrafted website, an attacker could potentially exploit this to obtain\nsensitive information. (CVE-2015-0811)\n\nArmin Razmdjou discovered that lightweight themes could be installed\nin Firefox without a user approval message, from Mozilla subdomains\nover HTTP without SSL. A remote attacker could potentially exploit this by\nconducting a Machine-In-The-Middle (MITM) attack to install themes without\nuser approval. (CVE-2015-0812)\n\nAki Helin discovered a use-after-free when playing MP3 audio files using\nthe Fluendo MP3 GStreamer plugin in certain circumstances. If a user were\ntricked in to opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-0813)\n\nChristian Holler, Andrew McCreight, Gary Kwong, Karl Tomlinson, Randell\nJesup, Shu-yu Guo, Steve Fink, Tooru Fujisawa, and Byron Campen discovered\nmultiple memory safety issues in Firefox. If a user were tricked in to\nopening a specially crafted website, an attacker could potentially exploit\nthese to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-0814, CVE-2015-0815)\n\nMariusz Mlynski discovered that documents loaded via resource: URLs (such\nas PDF.js) could load privileged chrome pages. If a user were tricked in\nto opening a specially crafted website, an attacker could potentially\nexploit this in combination with another flaw, in order to execute\narbitrary script in a privileged context. (CVE-2015-0816)\n",
"id": "USN-2550-1",
"modified": "2026-04-22T07:36:32Z",
"published": "2015-04-01T14:41:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-2550-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0801"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0802"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0803"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0804"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0805"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0806"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0807"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0808"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0811"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0812"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0813"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0814"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0815"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2015-0816"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "firefox vulnerabilities",
"upstream": [
"UBUNTU-CVE-2015-0801",
"UBUNTU-CVE-2015-0802",
"UBUNTU-CVE-2015-0803",
"UBUNTU-CVE-2015-0804",
"UBUNTU-CVE-2015-0805",
"UBUNTU-CVE-2015-0806",
"UBUNTU-CVE-2015-0807",
"UBUNTU-CVE-2015-0808",
"UBUNTU-CVE-2015-0811",
"UBUNTU-CVE-2015-0812",
"UBUNTU-CVE-2015-0813",
"UBUNTU-CVE-2015-0814",
"UBUNTU-CVE-2015-0815",
"UBUNTU-CVE-2015-0816"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.