← Voltar para CVEs

CVE-2015-4495

HIGHCISA KEV

8.8

Descricao

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Detalhes CVE

Pontuacao CVSS v3.18.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioREQUIRED

Publicado8/8/2015

Ultima modificacao4/22/2026

Fontekev

Avistamentos honeypot0

CISA KEV

FornecedorMozilla

ProdutoFirefox

Nome da vulnerabilidadeMozilla Firefox Security Feature Bypass Vulnerability

Data inclusao KEV2022-05-25

Prazo de remediacao2022-06-15

Uso em ransomwareUnknown

Produtos afetados

canonical:ubuntu_linuxmozilla:firefoxmozilla:firefox_osopensuse:opensuseoracle:solarisredhat:enterprise_linux_desktopredhat:enterprise_linux_eusredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_tusredhat:enterprise_linux_workstationsuse:linux_enterprise_debuginfosuse:linux_enterprise_desktopsuse:linux_enterprise_serversuse:linux_enterprise_software_development_kit

Fraquezas (CWE)

CWE-346

Referencias

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html(security@mozilla.org)

http://rhn.redhat.com/errata/RHSA-2015-1581.html(security@mozilla.org)

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html(security@mozilla.org)

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html(security@mozilla.org)

http://www.securityfocus.com/bid/76249(security@mozilla.org)

http://www.securitytracker.com/id/1033216(security@mozilla.org)

http://www.ubuntu.com/usn/USN-2707-1(security@mozilla.org)

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/(security@mozilla.org)

https://bugzilla.mozilla.org/show_bug.cgi?id=1178058(security@mozilla.org)

https://bugzilla.mozilla.org/show_bug.cgi?id=1179262(security@mozilla.org)

https://security.gentoo.org/glsa/201512-10(security@mozilla.org)

https://www.exploit-db.com/exploits/37772/(security@mozilla.org)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html(af854a3a-2127-422b-91ae-364da2661108)

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html(af854a3a-2127-422b-91ae-364da2661108)

http://rhn.redhat.com/errata/RHSA-2015-1581.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html(af854a3a-2127-422b-91ae-364da2661108)

http://www.securityfocus.com/bid/76249(af854a3a-2127-422b-91ae-364da2661108)

http://www.securitytracker.com/id/1033216(af854a3a-2127-422b-91ae-364da2661108)

http://www.ubuntu.com/usn/USN-2707-1(af854a3a-2127-422b-91ae-364da2661108)

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.mozilla.org/show_bug.cgi?id=1178058(af854a3a-2127-422b-91ae-364da2661108)

https://bugzilla.mozilla.org/show_bug.cgi?id=1179262(af854a3a-2127-422b-91ae-364da2661108)

https://security.gentoo.org/glsa/201512-10(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/37772/(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4495(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.