CVE-2015-2727

CVSS v2.0 6.8 (Medium)

EPSS 1.03 % (84^th)

Affected Products 2

Advisories 6

Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression.

Weaknesses

CWE-20: Improper Input Validation

Related CVEs

CVE-2015-0821

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-07-06 02:00:58
(9 years ago)
Updated Date: 2016-12-28 02:59:08
(7 years ago)

Affected Products

Mozilla

Firefox
Firefox Esr

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 38.0	cpe:2.3:a:mozilla:firefox:38.0
	Mozilla Firefox Esr 38.0	cpe:2.3:a:mozilla:firefox_esr:38.0