Mozilla Firefox CVE-2015-0816 Weak Authentication Vulnerability

description-logoDescription

Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, that documents loaded though a resource: URL, such as Mozilla's PDF.js PDF file viewer, were able to subsequently load privileged chrome pages. The privilege restrictions on resource: URLs was handled incorrectly and these restrictions could be bypassed if this flaw was combined with a separate vulnerability allowing for same-origin policy violation, it could be used to run arbitrary code.

affected-products-logoAffected Applications

Firefox
Firefox ESR

CVE References

CVE-2015-0816