[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2015-0816":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":55,"duplicate_of":9,"upstream":56,"downstream":57,"duplicates":86,"related":87,"reserved_at":9,"published_at":95,"modified_at":96,"state":97,"summary":98,"references_raw":106,"kevs":192,"epss":193,"epss_history":196,"metrics":404,"affected":409},"CVE-2015-0816","Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"CWE-264","Permissions, Privileges, and Access Controls","Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.","category","Obsolete",[],[19,39],{"_key":20,"name":21,"source":22,"url":23,"maturity":24,"reliability_score":25,"verified":26,"type":27,"platforms":28,"requires_auth":26,"exploitdb":9,"metasploit":29},"MSF_EXPLOIT_MULTI_BROWSER_FIREFOX_PDFJS_PRIVILEGE_ESCALATION","Firefox PDF.js Privileged Javascript Injection","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/multi/browser/firefox_pdfjs_privilege_escalation.rb","poc",0,false,"remote",[],{"fullname":30,"rank":25,"rank_name":31,"post_auth":26,"check":26,"notes":32},"exploit/multi/browser/firefox_pdfjs_privilege_escalation","manual",{"Stability":33,"SideEffects":35,"Reliability":37},[34],"unknown-stability",[36],"unknown-side-effects",[38],"unknown-reliability",{"_key":40,"name":41,"source":42,"url":43,"maturity":44,"reliability_score":45,"verified":46,"type":27,"platforms":47,"requires_auth":9,"exploitdb":49,"metasploit":9},"37958","Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit)","exploit-database","https://www.exploit-db.com/exploits/37958","weaponized",0.8,true,[48],"multiple",{"verified":46,"type":27,"platform":48,"file":50,"codes":51},"exploits/multiple/remote/37958.rb",[7,52,53,54],"CVE-2015-0802","OSVDB-120107","OSVDB-119753",[],[],[58,60,62,64,66,68,70,72,74,76,78,80,82,84],{"_key":59},"RHSA-2015:0766",{"_key":61},"RHSA-2015:0771",{"_key":63},"OPENSUSE-SU-2024:10071-1",{"_key":65},"SUSE-SU-2015:0704-1",{"_key":67},"SUSE-SU-2015:0704-2",{"_key":69},"OPENSUSE-SU-2024:10230-1",{"_key":71},"OPENSUSE-SU-2024:14572-1",{"_key":73},"DSA-3211-1",{"_key":75},"DSA-3212-1",{"_key":77},"MGASA-2015-0131",{"_key":79},"MGASA-2015-0342",{"_key":81},"UBUNTU-CVE-2015-0816",{"_key":83},"USN-2550-1",{"_key":85},"USN-2552-1",[],[88,89,90,91,92,93,94],{"_key":63},{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":77},{"_key":79},"2015-04-01T10:00:00.000Z","2024-08-06T04:26:10.591Z","Modified",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":99,"epss_score":100,"severity":101,"severity_score":102,"severity_version":103,"severity_source":104,"severity_vector":105,"severity_status":97},"critical",0.8537,"medium",5,"v2.0","nvd","AV:N/AC:L/Au:N/C:N/I:P/A:N",[107,114,119,125,130,135,141,145,150,155,160,164,168,172,176,180,184,188],{"url":108,"sources":109,"tags":111},"http://www.securitytracker.com/id/1031996",[110,104],"cve.org",[112,113],"VDB Entry","X Refsource SECTRACK",{"url":115,"sources":116,"tags":117},"http://www.securityfocus.com/bid/73461",[110,104],[112,118],"X Refsource BID",{"url":120,"sources":121,"tags":122},"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html",[110,104],[123,124],"Vendor Advisory","X Refsource SUSE",{"url":126,"sources":127,"tags":128},"https://security.gentoo.org/glsa/201512-10",[110,104],[123,129],"X Refsource GENTOO",{"url":131,"sources":132,"tags":133},"http://www.debian.org/security/2015/dsa-3212",[110,104],[123,134],"X Refsource DEBIAN",{"url":136,"sources":137,"tags":138},"https://www.exploit-db.com/exploits/37958/",[110,104],[139,140],"Exploit","X Refsource EXPLOIT DB",{"url":142,"sources":143,"tags":144},"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html",[110,104],[123,124],{"url":146,"sources":147,"tags":148},"http://www.ubuntu.com/usn/USN-2552-1",[110,104],[123,149],"X Refsource UBUNTU",{"url":151,"sources":152,"tags":153},"https://bugzilla.mozilla.org/show_bug.cgi?id=1144991",[110,104],[154],"X Refsource CONFIRM",{"url":156,"sources":157,"tags":158},"http://rhn.redhat.com/errata/RHSA-2015-0766.html",[110,104],[123,159],"X Refsource REDHAT",{"url":161,"sources":162,"tags":163},"http://www.mozilla.org/security/announce/2015/mfsa2015-33.html",[110,104],[154,123],{"url":165,"sources":166,"tags":167},"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",[110,104],[154],{"url":169,"sources":170,"tags":171},"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html",[110,104],[123,124],{"url":173,"sources":174,"tags":175},"http://www.ubuntu.com/usn/USN-2550-1",[110,104],[123,149],{"url":177,"sources":178,"tags":179},"http://www.securitytracker.com/id/1032000",[110,104],[112,113],{"url":181,"sources":182,"tags":183},"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html",[110,104],[123,124],{"url":185,"sources":186,"tags":187},"http://rhn.redhat.com/errata/RHSA-2015-0771.html",[110,104],[123,159],{"url":189,"sources":190,"tags":191},"http://www.debian.org/security/2015/dsa-3211",[110,104],[123,134],[],{"date":194,"score":100,"percentile":195},"2026-06-05",0.99381,[197,200,203,205,207,209,211,213,215,217,219,221,223,225,227,230,232,235,237,240,242,244,246,248,250,252,255,257,260,263,265,267,270,272,275,278,281,283,285,287,289,291,293,296,299,301,303,306,309,311,314,316,318,320,323,326,328,330,332,335,337,340,343,345,347,350,352,354,356,358,360,362,364,366,368,371,373,375,377,379,381,384,386,388,390,392,394,396,398,401],{"date":198,"score":100,"percentile":199},"2025-11-04",0.99315,{"date":201,"score":100,"percentile":202},"2025-11-05",0.99314,{"date":204,"score":100,"percentile":202},"2025-11-06",{"date":206,"score":100,"percentile":202},"2025-11-07",{"date":208,"score":100,"percentile":202},"2025-11-08",{"date":210,"score":100,"percentile":202},"2025-11-09",{"date":212,"score":100,"percentile":202},"2025-11-10",{"date":214,"score":100,"percentile":202},"2025-11-11",{"date":216,"score":100,"percentile":199},"2025-11-12",{"date":218,"score":100,"percentile":199},"2025-11-13",{"date":220,"score":100,"percentile":199},"2025-11-14",{"date":222,"score":100,"percentile":199},"2025-11-15",{"date":224,"score":100,"percentile":199},"2025-11-16",{"date":226,"score":100,"percentile":202},"2025-11-17",{"date":228,"score":100,"percentile":229},"2025-11-18",0.99447,{"date":231,"score":100,"percentile":229},"2025-11-19",{"date":233,"score":100,"percentile":234},"2025-11-20",0.99446,{"date":236,"score":100,"percentile":202},"2025-11-21",{"date":238,"score":100,"percentile":239},"2025-11-22",0.99313,{"date":241,"score":100,"percentile":239},"2025-11-23",{"date":243,"score":100,"percentile":239},"2025-11-24",{"date":245,"score":100,"percentile":202},"2025-11-25",{"date":247,"score":100,"percentile":202},"2025-11-26",{"date":249,"score":100,"percentile":199},"2025-11-27",{"date":251,"score":100,"percentile":199},"2025-11-28",{"date":253,"score":100,"percentile":254},"2025-11-29",0.99316,{"date":256,"score":100,"percentile":199},"2025-11-30",{"date":258,"score":100,"percentile":259},"2025-12-01",0.99327,{"date":261,"score":100,"percentile":262},"2025-12-02",0.99328,{"date":264,"score":100,"percentile":259},"2025-12-03",{"date":266,"score":100,"percentile":254},"2025-12-04",{"date":268,"score":100,"percentile":269},"2025-12-05",0.99317,{"date":271,"score":100,"percentile":269},"2025-12-06",{"date":273,"score":100,"percentile":274},"2025-12-07",0.99318,{"date":276,"score":100,"percentile":277},"2025-12-08",0.99319,{"date":279,"score":100,"percentile":280},"2025-12-09",0.9932,{"date":282,"score":100,"percentile":280},"2025-12-10",{"date":284,"score":100,"percentile":280},"2025-12-11",{"date":286,"score":100,"percentile":280},"2025-12-12",{"date":288,"score":100,"percentile":280},"2025-12-13",{"date":290,"score":100,"percentile":280},"2025-12-14",{"date":292,"score":100,"percentile":280},"2025-12-15",{"date":294,"score":100,"percentile":295},"2025-12-16",0.99322,{"date":297,"score":100,"percentile":298},"2025-12-17",0.99323,{"date":300,"score":100,"percentile":295},"2025-12-18",{"date":302,"score":100,"percentile":298},"2025-12-19",{"date":304,"score":100,"percentile":305},"2025-12-20",0.99324,{"date":307,"score":100,"percentile":308},"2025-12-21",0.99325,{"date":310,"score":100,"percentile":308},"2025-12-22",{"date":312,"score":100,"percentile":313},"2025-12-23",0.99326,{"date":315,"score":100,"percentile":259},"2025-12-24",{"date":317,"score":100,"percentile":259},"2025-12-25",{"date":319,"score":100,"percentile":262},"2025-12-26",{"date":321,"score":100,"percentile":322},"2025-12-27",0.9933,{"date":324,"score":100,"percentile":325},"2025-12-28",0.99329,{"date":327,"score":100,"percentile":325},"2025-12-29",{"date":329,"score":100,"percentile":325},"2025-12-30",{"date":331,"score":100,"percentile":322},"2025-12-31",{"date":333,"score":100,"percentile":334},"2026-01-01",0.99342,{"date":336,"score":100,"percentile":334},"2026-01-02",{"date":338,"score":100,"percentile":339},"2026-01-03",0.99343,{"date":341,"score":100,"percentile":342},"2026-01-04",0.99332,{"date":344,"score":100,"percentile":342},"2026-01-05",{"date":346,"score":100,"percentile":342},"2026-01-06",{"date":348,"score":100,"percentile":349},"2026-01-07",0.99331,{"date":351,"score":100,"percentile":349},"2026-01-08",{"date":353,"score":100,"percentile":342},"2026-01-09",{"date":355,"score":100,"percentile":342},"2026-01-10",{"date":357,"score":100,"percentile":322},"2026-01-11",{"date":359,"score":100,"percentile":322},"2026-01-12",{"date":361,"score":100,"percentile":322},"2026-01-13",{"date":363,"score":100,"percentile":349},"2026-01-14",{"date":365,"score":100,"percentile":349},"2026-01-15",{"date":367,"score":100,"percentile":342},"2026-01-16",{"date":369,"score":100,"percentile":370},"2026-01-17",0.99333,{"date":372,"score":100,"percentile":342},"2026-01-18",{"date":374,"score":100,"percentile":342},"2026-01-19",{"date":376,"score":100,"percentile":342},"2026-01-20",{"date":378,"score":100,"percentile":370},"2026-01-21",{"date":380,"score":100,"percentile":370},"2026-01-22",{"date":382,"score":100,"percentile":383},"2026-01-23",0.99334,{"date":385,"score":100,"percentile":370},"2026-01-24",{"date":387,"score":100,"percentile":370},"2026-01-25",{"date":389,"score":100,"percentile":370},"2026-01-26",{"date":391,"score":100,"percentile":370},"2026-01-27",{"date":393,"score":100,"percentile":383},"2026-01-28",{"date":395,"score":100,"percentile":383},"2026-01-29",{"date":397,"score":100,"percentile":383},"2026-01-30",{"date":399,"score":100,"percentile":400},"2026-01-31",0.99335,{"date":402,"score":100,"percentile":403},"2026-02-01",0.99344,[405],{"source":104,"cvss_v2_0":406,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":102,"baseSeverity":9,"vectorString":105,"impactScore":407,"exploitabilityScore":408},2.9,10,[410,421],{"ecosystem":9,"name":411,"vendor":9,"product":411,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":412},"Firefox",[413,418],{"version":414,"is_range":46,"range_type":415,"version_start":9,"version_start_type":9,"version_end":416,"version_end_type":417,"fixed_in":9},"lte31.5.3","cpe","31.5.3","including",{"version":419,"is_range":46,"range_type":415,"version_start":9,"version_start_type":9,"version_end":420,"version_end_type":417,"fixed_in":9},"lte36.0.4","36.0.4",{"ecosystem":9,"name":422,"vendor":423,"product":424,"cpe_part":425,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":426},"Thunderbird","mozilla","thunderbird","a",[427],{"version":428,"is_range":46,"range_type":415,"version_start":9,"version_start_type":9,"version_end":429,"version_end_type":417,"fixed_in":9},"lte31.5","31.5"]