Mozilla Thunderbird CVE-2015-0801 Weak Authentication Vulnerability

description-logoDescription

Mozilla developer Olli Pettay reported that while investigating Mozilla Foundation Security Advisory 2015-28, he and Mozilla developer Boris Zbarsky found an alternate way to trigger a similar vulnerability. The previously reported flaw used an issue with SVG content navigation to bypass same-origin policy protections to run scripts in a privileged context. This newer variant found that the same flaw could be used during anchor navigation of a page, allowing bypassing of same-origin policy protections.

affected-products-logoAffected Applications

Thunderbird

CVE References

CVE-2015-0801