CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
http://rhn.redhat.com/errata/RHSA-2015-1581.html	Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-78.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.securityfocus.com/bid/76249	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033216	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2707-1	Third Party Advisory
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1178058	Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1179262	Issue Tracking
https://security.gentoo.org/glsa/201512-10
https://www.exploit-db.com/exploits/37772/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr:38.0:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.0.1:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.0.5:::::::*
	cpe:2.3:a:mozilla:firefox_esr:38.1.0:::::::*

Configuration 2 (hide)

cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
	cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:::::::*
	cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:::::::*
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 4 (hide)

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

History

12 Sep 2023, 14:55

Type	Values Removed	Values Added
CPE	cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:::::::*	cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:::::::*

Information

Published : 2015-08-08 00:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-4495

Mitre link : CVE-2015-4495

CVE.ORG link : CVE-2015-4495

JSON object : View

Products Affected

novell

suse_linux_enterprise_desktop
suse_linux_enterprise_server
suse_linux_enterprise_software_development_kit

oracle

solaris

mozilla

firefox_esr
firefox_os
firefox

opensuse

opensuse

canonical

ubuntu_linux

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

4.3 /10