VulnerableCode Vulnerability Details - VCID-55jd-xx14-d3h3

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-55jd-xx14-d3h3

Essentials
Severities (8)
References (8)
Severity details (1)
Exploits (2)
EPSS
History (1)

Vulnerability ID	VCID-55jd-xx14-d3h3
Aliases	CVE-2015-0802
Summary	Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-250

Execution with Unnecessary Privileges

System	Score	Found at
epss	0.80386	https://api.first.org/data/v1/epss?cve=CVE-2015-0802
epss	0.80386	https://api.first.org/data/v1/epss?cve=CVE-2015-0802
epss	0.80386	https://api.first.org/data/v1/epss?cve=CVE-2015-0802
epss	0.80386	https://api.first.org/data/v1/epss?cve=CVE-2015-0802
epss	0.80386	https://api.first.org/data/v1/epss?cve=CVE-2015-0802
epss	0.80386	https://api.first.org/data/v1/epss?cve=CVE-2015-0802
epss	0.80386	https://api.first.org/data/v1/epss?cve=CVE-2015-0802
generic_textual	none	https://www.mozilla.org/en-US/security/advisories/mfsa2015-42

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0802.json
		https://api.first.org/data/v1/epss?cve=CVE-2015-0802
1207086		https://bugzilla.redhat.com/show_bug.cgi?id=1207086
CVE-2015-0802		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0802
CVE-2015-0816;CVE-2015-0802;OSVDB-120107;OSVDB-119753	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/37958.rb
GLSA-201512-10		https://security.gentoo.org/glsa/201512-10
mfsa2015-42		https://www.mozilla.org/en-US/security/advisories/mfsa2015-42
USN-2550-1		https://usn.ubuntu.com/2550-1/

Data source	Exploit-DB
Date added	Aug. 24, 2015
Description	Mozilla Firefox - 'pdf.js' Privileged JavaScript Injection (Metasploit)
Ransomware campaign use	Known
Source publication date	Aug. 24, 2015
Exploit type	remote
Platform	multiple
Source update date	Oct. 27, 2016

Data source	Metasploit
Description	This exploit gains remote code execution on Firefox 31-34 by abusing a bug in the XPConnect component and gaining a reference to the privileged chrome:// window. This exploit requires the user to click anywhere on the page to trigger the vulnerability.
Note	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
Ransomware campaign use	Unknown
Source publication date	Jan. 20, 2014
Platform	Firefox,Java,Linux,OSX,Solaris,Windows
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/firefox_proxy_prototype.rb

Exploit Prediction Scoring System (EPSS)

Percentile	0.99115
EPSS Score	0.80386
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:01:37.157518+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/201512-10	38.0.0