CVE-2015-0816 (retired)

Priority
Description
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird
before 31.6 do not properly restrict resource: URLs, which makes it easier
for remote attackers to execute arbitrary JavaScript code with chrome
privileges by leveraging the ability to bypass the Same Origin Policy, as
demonstrated by the resource: URL associated with PDF.js.
Assigned-to
chrisccoulson
Package
Upstream:released (37.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (37.0+build2-0ubuntu0.14.04.1)
Package
Upstream:released (31.6.0)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:31.6.0+build1-0ubuntu0.14.04.1)
More Information

Updated: 2019-03-26 12:14:22 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)