CVE-2015-4495

Warnung

Exploit

EPSS 69.92%
Veröffentlicht 08.08.2015 00:59:04
Zuletzt bearbeitet 30.07.2025 03:15:45
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 39.0.3

Mozilla ≫ Firefox Version >= 38.0 < 38.1.1

Mozilla ≫ Firefox Os Version < 2.2

Oracle ≫ Solaris Version11.3

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version15.04

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version6.7

Redhat ≫ Enterprise Linux Eus Version7.1

Redhat ≫ Enterprise Linux Eus Version7.2

Redhat ≫ Enterprise Linux Eus Version7.3

Redhat ≫ Enterprise Linux Eus Version7.4

Redhat ≫ Enterprise Linux Eus Version7.5

Redhat ≫ Enterprise Linux Eus Version7.6

Redhat ≫ Enterprise Linux Eus Version7.7

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Workstation Version5.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Redhat ≫ Enterprise Linux Workstation Version7.0

Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp1

Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp2

Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp3

Suse ≫ Linux Enterprise Debuginfo Version11 Updatesp4

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Suse ≫ Linux Enterprise Desktop Version11 Updatesp3

Suse ≫ Linux Enterprise Desktop Version11 Updatesp4

Suse ≫ Linux Enterprise Desktop Version12 Update-

Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEditionltss

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwEditionltss

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware

Suse ≫ Linux Enterprise Server Version11 Updatesp4

Suse ≫ Linux Enterprise Server Version12 Update-

Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp3

Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp4

Suse ≫ Linux Enterprise Software Development Kit Version12 Update-

25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Mozilla Firefox Security Feature Bypass Vulnerability

Schwachstelle

Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	69.92%	0.986

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H