Unrated severityNVD Advisory· Published Mar 24, 2015· Updated Jun 17, 2026
CVE-2015-0818
CVE-2015-0818
Description
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=36.0.3
- cpe:2.3:a:mozilla:firefox:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:31.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
- (no CPE)range: <36.0.4
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*range: <=2.33.0
- (no CPE)range: <2.33.1
- osv-coords6 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012
< 128.5.1-1.1+ 5 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 31.5.3esr-27.1
- (no CPE)range: < 31.5.3esr-27.1
- (no CPE)range: < 31.5.3esr-27.1
- (no CPE)range: < 31.5.3esr-27.1
Patches
Vulnerability mechanics
References
13- www.mozilla.org/security/announce/2015/mfsa2015-28.htmlnvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00029.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00035.htmlnvd
- lists.opensuse.org/opensuse-updates/2015-03/msg00096.htmlnvd
- rhn.redhat.com/errata/RHSA-2015-0718.htmlnvd
- www.debian.org/security/2015/dsa-3201nvd
- www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlnvd
- www.securityfocus.com/bid/73265nvd
- www.securitytracker.com/id/1031959nvd
- www.ubuntu.com/usn/USN-2538-1nvd
- bugzilla.mozilla.org/show_bug.cginvd
- security.gentoo.org/glsa/201504-01nvd
News mentions
0No linked articles in our index yet.