← Retour aux CVEs

CVE-2015-4495

HIGHCISA KEV

8.8

Description

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Details CVE

Score CVSS v3.18.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie8/8/2015

Derniere modification4/22/2026

Sourcekev

Observations honeypot0

CISA KEV

FournisseurMozilla

ProduitFirefox

Nom vulnerabiliteMozilla Firefox Security Feature Bypass Vulnerability

Date ajout KEV2022-05-25

Date limite remediation2022-06-15

Utilise dans ransomwareUnknown

Produits affectes

canonical:ubuntu_linuxmozilla:firefoxmozilla:firefox_osopensuse:opensuseoracle:solarisredhat:enterprise_linux_desktopredhat:enterprise_linux_eusredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationsuse:linux_enterprise_debuginfosuse:linux_enterprise_desktopsuse:linux_enterprise_serversuse:linux_enterprise_software_development_kit

Faiblesses (CWE)

CWE-346

References

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html(security@mozilla.org)

http://rhn.redhat.com/errata/RHSA-2015-1581.html(security@mozilla.org)

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html(security@mozilla.org)

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html(security@mozilla.org)

http://www.securityfocus.com/bid/76249(security@mozilla.org)

http://www.securitytracker.com/id/1033216(security@mozilla.org)

http://www.ubuntu.com/usn/USN-2707-1(security@mozilla.org)

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/(security@mozilla.org)

https://bugzilla.mozilla.org/show_bug.cgi?id=1178058(security@mozilla.org)

https://bugzilla.mozilla.org/show_bug.cgi?id=1179262(security@mozilla.org)

https://security.gentoo.org/glsa/201512-10(security@mozilla.org)

https://www.exploit-db.com/exploits/37772/(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html(af854a3a-2127-422b-91ae-364da2661108)

http://rhn.redhat.com/errata/RHSA-2015-1581.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/76249(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1033216(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2707-1(af854a3a-2127-422b-91ae-364da2661108)

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.mozilla.org/show_bug.cgi?id=1178058(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.mozilla.org/show_bug.cgi?id=1179262(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/201512-10(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/37772/(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4495(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.