CVE-2015-2743

CVSS v2.0 7.5 (High)

EPSS 2.51 % (90^th)

Affected Products 6

Advisories 11

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

Weaknesses

CWE-17: DEPRECATED: Code

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-07-06 02:01:11
(9 years ago)
Updated Date: 2023-09-12 14:55:31
(12 months ago)

Affected Products

Mozilla

Novell

Oracle

Solaris

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox Esr 31.0	cpe:2.3:a:mozilla:firefox_esr:31.0
	Mozilla Firefox Esr 31.1	cpe:2.3:a:mozilla:firefox_esr:31.1
	Mozilla Firefox Esr 31.1.0	cpe:2.3:a:mozilla:firefox_esr:31.1.0
	Mozilla Firefox Esr 31.1.1	cpe:2.3:a:mozilla:firefox_esr:31.1.1
	Mozilla Firefox Esr 31.2	cpe:2.3:a:mozilla:firefox_esr:31.2
	Mozilla Firefox Esr 31.3	cpe:2.3:a:mozilla:firefox_esr:31.3
	Mozilla Firefox Esr 31.3.0	cpe:2.3:a:mozilla:firefox_esr:31.3.0
	Mozilla Firefox Esr 31.4	cpe:2.3:a:mozilla:firefox_esr:31.4
	Mozilla Firefox Esr 31.5	cpe:2.3:a:mozilla:firefox_esr:31.5
	Mozilla Firefox Esr 31.5.1	cpe:2.3:a:mozilla:firefox_esr:31.5.1
	Mozilla Firefox Esr 31.5.2	cpe:2.3:a:mozilla:firefox_esr:31.5.2
	Mozilla Firefox Esr 31.5.3	cpe:2.3:a:mozilla:firefox_esr:31.5.3
	Mozilla Firefox Esr 31.6.0	cpe:2.3:a:mozilla:firefox_esr:31.6.0
	Mozilla Firefox Esr 31.7.0	cpe:2.3:a:mozilla:firefox_esr:31.7.0
	Mozilla Firefox Esr 38.0	cpe:2.3:a:mozilla:firefox_esr:38.0

Configuration #2

		CPE23	From	Up To
	Oracle Solaris 11.3	cpe:2.3:o:oracle:solaris:11.3

Configuration #3

		CPE23	From	Up To
	Mozilla Firefox 38.1.0 and prior versions	cpe:2.3:a:mozilla:firefox		<= 38.1.0

Configuration #4

		CPE23	From	Up To
	Novell Suse Linux Enterprise Software Development Kit 12.0	cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0
	Novell Suse Linux Enterprise Desktop 12.0	cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0
	Novell Suse Linux Enterprise Server 11 SP4	cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4
	Novell Suse Linux Enterprise Server 12.0	cpe:2.3:o:novell:suse_linux_enterprise_server:12.0