CVE-2015-4495
CVSS v3.1
8.8 (High)
CVSS v2.0
4.3 (Medium)
EPSS
89.78 % (99th)
Affected Products
16
Advisories
11
NVD Status
Analyzed
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
Weaknesses
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- Mozilla Corporation
- Published Date
-
2015-08-08 00:59:04
(9 years ago) - Updated Date
-
2024-06-28 17:23:00
(2 months ago)
Mozilla Firefox Security Feature Bypass Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description
- Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.
- Required Action
- Apply updates per vendor instructions.
- Known to be Used in Ransomware Campaigns
- Unknown
- Notes
- https://nvd.nist.gov/vuln/detail/CVE-2015-4495
- Vendor
- Mozilla
- Product
- Firefox
- In CISA Catalog from
-
2022-05-25
(2 years ago) - Due Date
-
2022-06-15
(2 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Configuration #5
|
Configuration #6
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...