Bug 1207086 (CVE-2015-0802) - CVE-2015-0802 Mozilla: Windows can retain access to privileged content on navigation to unprivileged pages (MFSA 2015-42)
Summary: CVE-2015-0802 Mozilla: Windows can retain access to privileged content on nav...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2015-0802
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1205778
TreeView+ depends on / blocked
 
Reported: 2015-03-30 08:17 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-02-17 05:28 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-04-01 10:02:28 UTC


Attachments (Terms of Use)

Description Huzaifa S. Sidhpurwala 2015-03-30 08:17:53 UTC
Mozilla developer Bobby Holley reported that windows created to hold privileged UI content retained access to privileged internal methods if later navigated to unprivileged content. If a separate flaw was found that allowed for web content to reference these privileged windows, an attacker could use this reference to navigate them to their own content allowing for as escalation of privilege and arbitrary code execution. On its own, this flaw does not allow for privilege escalation by web content. 


External Reference:

http://www.mozilla.org/security/announce/2015/mfsa2015-42.html


Acknowledgements:

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley as the original reporter.

Statement:

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.


Note You need to log in before you can comment on or make changes to this bug.