Arbitrary JavaScript Code Execution via SVG Hash Navigation in Mozilla Firefox, Firefox ESR, and SeaMonkey

Arbitrary JavaScript Code Execution via SVG Hash Navigation in Mozilla Firefox, Firefox ESR, and SeaMonkey

CVE-2015-0818 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.

Learn more about our Cis Benchmark Audit For Google Chrome.