{"id":"USN-2550-1","summary":"firefox vulnerabilities","details":"Olli Pettay and Boris Zbarsky discovered an issue during anchor\nnavigations in some circumstances. If a user were tricked into opening\na specially crafted website, an attacker could potentially exploit this\nto bypass same-origin policy restrictions. (CVE-2015-0801)\n\nBobby Holley discovered that windows created to hold privileged UI content\nretained access to privileged internal methods if navigated to\nunprivileged content. An attacker could potentially exploit this in\ncombination with another flaw, in order to execute arbitrary script in a\nprivileged context. (CVE-2015-0802)\n\nSeveral type confusion issues were discovered in Firefox. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-0803, CVE-2015-0804)\n\nAbhishek Arya discovered memory corruption issues during 2D graphics\nrendering. If a user were tricked into opening a specially crafted\nwebsite, an attacker could potentially exploit these to cause a denial of\nservice via application crash, or execute arbitrary code with the\nprivileges of the user invoking Firefox. (CVE-2015-0805, CVE-2015-0806)\n\nChristoph Kerschbaumer discovered that CORS requests from\nnavigator.sendBeacon() followed 30x redirections after preflight. If a\nuser were tricked into opening a specially crafted website, an attacker\ncould potentially exploit this to conduct cross-site request forgery\n(XSRF) attacks. (CVE-2015-0807)\n\nMitchell Harper discovered an issue with memory management of simple-type\narrays in WebRTC. An attacker could potentially exploit this to cause\nundefined behaviour. (CVE-2015-0808)\n\nFelix Gröbert discovered an out-of-bounds read in the QCMS colour\nmanagement library. 
If a user were tricked into opening a specially\ncrafted website, an attacker could potentially exploit this to obtain\nsensitive information. (CVE-2015-0811)\n\nArmin Razmdjou discovered that lightweight themes could be installed\nin Firefox without a user approval message, from Mozilla subdomains\nover HTTP without SSL. A remote attacker could potentially exploit this by\nconducting a Machine-In-The-Middle (MITM) attack to install themes without\nuser approval. (CVE-2015-0812)\n\nAki Helin discovered a use-after-free when playing MP3 audio files using\nthe Fluendo MP3 GStreamer plugin in certain circumstances. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit this to cause a denial of service via application\ncrash, or execute arbitrary code with the privileges of the user invoking\nFirefox. (CVE-2015-0813)\n\nChristian Holler, Andrew McCreight, Gary Kwong, Karl Tomlinson, Randell\nJesup, Shu-yu Guo, Steve Fink, Tooru Fujisawa, and Byron Campen discovered\nmultiple memory safety issues in Firefox. If a user were tricked into\nopening a specially crafted website, an attacker could potentially exploit\nthese to cause a denial of service via application crash, or execute\narbitrary code with the privileges of the user invoking Firefox.\n(CVE-2015-0814, CVE-2015-0815)\n\nMariusz Mlynski discovered that documents loaded via resource: URLs (such\nas PDF.js) could load privileged chrome pages. If a user were tricked\ninto opening a specially crafted website, an attacker could potentially\nexploit this in combination with another flaw, in order to execute\narbitrary script in a privileged context. 
(CVE-2015-0816)\n","modified":"2026-02-10T04:40:53Z","published":"2015-04-01T14:41:55Z","related":["UBUNTU-CVE-2015-0801","UBUNTU-CVE-2015-0802","UBUNTU-CVE-2015-0803","UBUNTU-CVE-2015-0804","UBUNTU-CVE-2015-0805","UBUNTU-CVE-2015-0806","UBUNTU-CVE-2015-0807","UBUNTU-CVE-2015-0808","UBUNTU-CVE-2015-0811","UBUNTU-CVE-2015-0812","UBUNTU-CVE-2015-0813","UBUNTU-CVE-2015-0814","UBUNTU-CVE-2015-0815","UBUNTU-CVE-2015-0816"],"upstream":["CVE-2015-0801","CVE-2015-0802","CVE-2015-0803","CVE-2015-0804","CVE-2015-0805","CVE-2015-0806","CVE-2015-0807","CVE-2015-0808","CVE-2015-0811","CVE-2015-0812","CVE-2015-0813","CVE-2015-0814","CVE-2015-0815","CVE-2015-0816","UBUNTU-CVE-2015-0801","UBUNTU-CVE-2015-0802","UBUNTU-CVE-2015-0803","UBUNTU-CVE-2015-0804","UBUNTU-CVE-2015-0805","UBUNTU-CVE-2015-0806","UBUNTU-CVE-2015-0807","UBUNTU-CVE-2015-0808","UBUNTU-CVE-2015-0811","UBUNTU-CVE-2015-0812","UBUNTU-CVE-2015-0813","UBUNTU-CVE-2015-0814","UBUNTU-CVE-2015-0815","UBUNTU-CVE-2015-0816"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2550-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0801"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0802"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0803"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0804"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0805"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0806"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0807"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0808"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0811"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0812"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0813"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0814"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0815"},{"type":"REPORT","url":"https://ubuntu.com/sec
urity/CVE-2015-0816"}],"affected":[{"package":{"name":"firefox","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/firefox@37.0+build2-0ubuntu0.14.04.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"37.0+build2-0ubuntu0.14.04.1"}]}],"versions":["24.0+build1-0ubuntu1","25.0+build3-0ubuntu0.13.10.1","28.0~b2+build1-0ubuntu2","28.0+build1-0ubuntu1","28.0+build2-0ubuntu1","28.0+build2-0ubuntu2","29.0+build1-0ubuntu0.14.04.2","30.0+build1-0ubuntu0.14.04.3","31.0+build1-0ubuntu0.14.04.1","32.0+build1-0ubuntu0.14.04.1","32.0.3+build1-0ubuntu0.14.04.1","33.0+build2-0ubuntu0.14.04.1","34.0+build2-0ubuntu0.14.04.1","35.0+build3-0ubuntu0.14.04.2","35.0.1+build1-0ubuntu0.14.04.1","36.0+build2-0ubuntu0.14.04.4","36.0.1+build2-0ubuntu0.14.04.1","36.0.4+build1-0ubuntu0.14.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"37.0+build2-0ubuntu0.14.04.1","binary_name":"firefox"},{"binary_version":"37.0+build2-0ubuntu0.14.04.1","binary_name":"firefox-dev"},{"binary_version":"37.0+build2-0ubuntu0.14.04.1","binary_name":"firefox-globalmenu"},{"binary_version":"37.0+build2-0ubuntu0.14.04.1","binary_name":"firefox-mozsymbols"},{"binary_version":"37.0+build2-0ubuntu0.14.04.1","binary_name":"firefox-testsuite"}],"availability":"No subscription 
required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0801"},{"severity":[{"score":"low","type":"Ubuntu"}],"id":"CVE-2015-0802"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0803"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0804"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0805"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0806"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0807"},{"severity":[{"score":"low","type":"Ubuntu"}],"id":"CVE-2015-0808"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0811"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0812"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0813"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0814"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2015-0815"},{"severity":[{"score":"low","type":"Ubuntu"}],"id":"CVE-2015-0816"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2550-1.json"}}],"schema_version":"1.7.3"}