Vulnerability Name: | CVE-2015-1235 (CCN-102375) | ||||||||||||||||||||||||||||||||
Assigned: | 2015-04-14 | ||||||||||||||||||||||||||||||||
Published: | 2015-04-14 | ||||||||||||||||||||||||||||||||
Updated: | 2017-01-03 | ||||||||||||||||||||||||||||||||
Summary: | The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element. | ||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-264 | ||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Bypass Security | ||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2015-1235 Source: CCN Type: Google Chrome Releases Web site Stable Channel Update Source: CONFIRM Type: Vendor Advisory http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html Source: SUSE Type: UNKNOWN openSUSE-SU-2015:0748 Source: SUSE Type: UNKNOWN openSUSE-SU-2015:1887 Source: REDHAT Type: UNKNOWN RHSA-2015:0816 Source: UBUNTU Type: UNKNOWN USN-2570-1 Source: DEBIAN Type: UNKNOWN DSA-3238 Source: SECTRACK Type: UNKNOWN 1032209 Source: CONFIRM Type: UNKNOWN https://code.google.com/p/chromium/issues/detail?id=456518 Source: XF Type: UNKNOWN google-chrome-cve20151235-sec-bypass(102375) Source: GENTOO Type: UNKNOWN GLSA-201506-04 Source: CONFIRM Type: UNKNOWN https://src.chromium.org/viewvc/blink?revision=190980&view=revision Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-1235 | ||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration RedHat 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||
BACK |