← Zuruck zu CVEs

CVE-2015-4495

HIGHCISA KEV

8.8

Beschreibung

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

CVE Details

CVSS v3.1 Bewertung8.8

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht8/8/2015

Zuletzt geandert4/22/2026

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerMozilla

ProduktFirefox

SchwachstellennameMozilla Firefox Security Feature Bypass Vulnerability

KEV Aufnahmedatum2022-05-25

Behebungsfrist2022-06-15

Ransomware-NutzungUnknown

Betroffene Produkte

canonical:ubuntu_linuxmozilla:firefoxmozilla:firefox_osopensuse:opensuseoracle:solarisredhat:enterprise_linux_desktopredhat:enterprise_linux_eusredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationsuse:linux_enterprise_debuginfosuse:linux_enterprise_desktopsuse:linux_enterprise_serversuse:linux_enterprise_software_development_kit

Schwachen (CWE)

CWE-346

Referenzen

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html(security@mozilla.org)

http://rhn.redhat.com/errata/RHSA-2015-1581.html(security@mozilla.org)

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html(security@mozilla.org)

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html(security@mozilla.org)

http://www.securityfocus.com/bid/76249(security@mozilla.org)

http://www.securitytracker.com/id/1033216(security@mozilla.org)

http://www.ubuntu.com/usn/USN-2707-1(security@mozilla.org)

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/(security@mozilla.org)

https://bugzilla.mozilla.org/show_bug.cgi?id=1178058(security@mozilla.org)

https://bugzilla.mozilla.org/show_bug.cgi?id=1179262(security@mozilla.org)

https://security.gentoo.org/glsa/201512-10(security@mozilla.org)

https://www.exploit-db.com/exploits/37772/(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html(af854a3a-2127-422b-91ae-364da2661108)

http://rhn.redhat.com/errata/RHSA-2015-1581.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/76249(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1033216(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2707-1(af854a3a-2127-422b-91ae-364da2661108)

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.mozilla.org/show_bug.cgi?id=1178058(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.mozilla.org/show_bug.cgi?id=1179262(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/201512-10(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/37772/(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4495(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.