925401 – (CVE-2015-0801) VUL-0: CVE-2015-0801: MozillaFirefox,MozillaThunderbird: Same-origin bypass through anchor navigation (MFSA 2015-40)

Bug 925401 (CVE-2015-0801) - VUL-0: CVE-2015-0801: MozillaFirefox,MozillaThunderbird: Same-origin bypass through anchor navigation (MFSA 2015-40)

Summary: VUL-0: CVE-2015-0801: MozillaFirefox,MozillaThunderbird: Same-origin bypass t...

Status:	RESOLVED DUPLICATE of bug 925368

Alias:	CVE-2015-0801

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Deadline:	2015-04-15
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/115393/
Whiteboard:	maint:running:61408:moderate
Keywords:

Depends on:
Blocks:	925368
	Show dependency tree / graph

Clone This Bug

Reported:	2015-04-01 10:33 UTC by Andreas Stieger
Modified:	2016-04-27 19:37 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2015-04-01 10:33:16 UTC

Same-origin bypass through anchor navigation

Announced:     March 31, 2015
Reporter:     Olli Pettay, Boris Zbarsky
Impact:     High
Products:     Firefox, Firefox ESR, Thunderbird
Fixed in: 
        Firefox 37
        Firefox ESR 31.6
        Thunderbird 31.6

Description

Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG content navigation to bypass same-origin policy protections to run scripts in a privileged context. This newer variant found that the same flaw could be used during anchor navigation of a page, allowing bypassing of same-origin policy protections.

In general this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled, but is potentially a risk in browser or browser-like contexts.

References:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-40/
https://bugzilla.mozilla.org/show_bug.cgi?id=1146339
https://bugzilla.redhat.com/show_bug.cgi?id=1207084
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0801

Comment 1 Swamp Workflow Management 2015-04-01 13:07:31 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-04-15.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61408

Comment 2 Swamp Workflow Management 2015-04-01 22:01:27 UTC

bugbot adjusting priority

Comment 5 Andreas Stieger 2015-04-02 08:43:56 UTC

merge into parent

*** This bug has been marked as a duplicate of bug 925368 ***

Comment 6 Swamp Workflow Management 2015-04-08 09:06:42 UTC

openSUSE-SU-2015:0677-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 925368,925392,925393,925394,925395,925396,925397,925398,925399,925400,925401,925402,926166
CVE References: CVE-2015-0799,CVE-2015-0801,CVE-2015-0802,CVE-2015-0803,CVE-2015-0804,CVE-2015-0805,CVE-2015-0806,CVE-2015-0807,CVE-2015-0808,CVE-2015-0811,CVE-2015-0812,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816
Sources used:
openSUSE 13.2 (src):    MozillaFirefox-37.0.1-23.1, MozillaThunderbird-31.6.0-15.3, mozilla-nspr-4.10.8-6.1
openSUSE 13.1 (src):    MozillaFirefox-37.0.1-68.1, MozillaThunderbird-31.6.0-70.50.2, mozilla-nspr-4.10.8-22.1