← Back to CVEs

CVE-2015-4495

HIGHCISA KEV

8.8

Description

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

CVE Details

CVSS v3.1 Score8.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published8/8/2015

Last Modified4/22/2026

Sourcekev

Honeypot Sightings0

CISA KEV

VendorMozilla

ProductFirefox

Vulnerability NameMozilla Firefox Security Feature Bypass Vulnerability

KEV Date Added2022-05-25

Remediation Due Date2022-06-15

Ransomware UseUnknown

Affected Products

canonical:ubuntu_linuxmozilla:firefoxmozilla:firefox_osopensuse:opensuseoracle:solarisredhat:enterprise_linux_desktopredhat:enterprise_linux_eusredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationsuse:linux_enterprise_debuginfosuse:linux_enterprise_desktopsuse:linux_enterprise_serversuse:linux_enterprise_software_development_kit

Weaknesses (CWE)

CWE-346

References

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html(security@mozilla.org)

http://rhn.redhat.com/errata/RHSA-2015-1581.html(security@mozilla.org)

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html(security@mozilla.org)

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html(security@mozilla.org)

http://www.securityfocus.com/bid/76249(security@mozilla.org)

http://www.securitytracker.com/id/1033216(security@mozilla.org)

http://www.ubuntu.com/usn/USN-2707-1(security@mozilla.org)

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/(security@mozilla.org)

https://bugzilla.mozilla.org/show_bug.cgi?id=1178058(security@mozilla.org)

https://bugzilla.mozilla.org/show_bug.cgi?id=1179262(security@mozilla.org)

https://security.gentoo.org/glsa/201512-10(security@mozilla.org)

https://www.exploit-db.com/exploits/37772/(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html(af854a3a-2127-422b-91ae-364da2661108)

http://rhn.redhat.com/errata/RHSA-2015-1581.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/76249(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1033216(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2707-1(af854a3a-2127-422b-91ae-364da2661108)

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.mozilla.org/show_bug.cgi?id=1178058(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.mozilla.org/show_bug.cgi?id=1179262(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/201512-10(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/37772/(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4495(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.