CVE-2015-4495
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/08/2015
Last modified:
30/07/2025
Description
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 39.0.3 (excluding) | |
| cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 38.0 (including) | 38.1.1 (excluding) |
| cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:* | 2.2 (excluding) | |
| cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
- http://rhn.redhat.com/errata/RHSA-2015-1581.html
- http://www.mozilla.org/security/announce/2015/mfsa2015-78.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/76249
- http://www.securitytracker.com/id/1033216
- http://www.ubuntu.com/usn/USN-2707-1
- https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1178058
- https://bugzilla.mozilla.org/show_bug.cgi?id=1179262
- https://security.gentoo.org/glsa/201512-10
- https://www.exploit-db.com/exploits/37772/
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
- http://rhn.redhat.com/errata/RHSA-2015-1581.html
- http://www.mozilla.org/security/announce/2015/mfsa2015-78.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securityfocus.com/bid/76249
- http://www.securitytracker.com/id/1033216
- http://www.ubuntu.com/usn/USN-2707-1
- https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1178058
- https://bugzilla.mozilla.org/show_bug.cgi?id=1179262
- https://security.gentoo.org/glsa/201512-10
- https://www.exploit-db.com/exploits/37772/