Privilege escalation through SVG navigation

description-logoDescription

Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation.

affected-products-logoAffected Applications

Firefox
Firefox ESR

CVE References

CVE-2015-0818