CVE-2015-4495

CVSS v3.1 8.8 (High)
CVSS v2.0 4.3 (Medium)
EPSS 89.78 % (99th)
Affected Products 16
Advisories 11
NVD Status Analyzed

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Weaknesses: CWE-NVD-noinfo
CVE Status: PUBLISHED
NVD Status: Analyzed
CNA: Mozilla Corporation
Published Date: 2015-08-08 00:59:04 (9 years ago)
Updated Date: 2024-06-28 17:23:00 (2 months ago)

Mozilla Firefox Security Feature Bypass Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description: Mozilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.
Required Action: Apply updates per vendor instructions.
Known to be Used in Ransomware Campaigns: Unknown
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-4495
Vendor: Mozilla
Product: Firefox
In CISA Catalog from: 2022-05-25 (2 years ago)
Due Date: 2022-06-15 (2 years ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 39.0.3 version cpe:2.3:a:mozilla:firefox < 39.0.3
  Mozilla Firefox Esr from 38.0 version and prior 38.1.1 version cpe:2.3:a:mozilla:firefox_esr >= 38.0 < 38.1.1

Configuration #2

    CPE23 From Up To
  Mozilla Firefox Os prior 2.2 version cpe:2.3:o:mozilla:firefox_os < 2.2

Configuration #3

    CPE23 From Up To
  Oracle Solaris 11.3 cpe:2.3:o:oracle:solaris:11.3

Configuration #4

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm
  Canonical Ubuntu Linux 15.04 cpe:2.3:o:canonical:ubuntu_linux:15.04

Configuration #5

    CPE23 From Up To
  Redhat Enterprise Linux Desktop 5.0 cpe:2.3:o:redhat:enterprise_linux_desktop:5.0
  Redhat Enterprise Linux Desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  Redhat Enterprise Linux Desktop 7.0 cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  Redhat Enterprise Linux Eus 6.7 cpe:2.3:o:redhat:enterprise_linux_eus:6.7
  Redhat Enterprise Linux Eus 7.1 cpe:2.3:o:redhat:enterprise_linux_eus:7.1
  Redhat Enterprise Linux Eus 7.2 cpe:2.3:o:redhat:enterprise_linux_eus:7.2
  Redhat Enterprise Linux Eus 7.3 cpe:2.3:o:redhat:enterprise_linux_eus:7.3
  Redhat Enterprise Linux Eus 7.4 cpe:2.3:o:redhat:enterprise_linux_eus:7.4
  Redhat Enterprise Linux Eus 7.5 cpe:2.3:o:redhat:enterprise_linux_eus:7.5
  Redhat Enterprise Linux Eus 7.6 cpe:2.3:o:redhat:enterprise_linux_eus:7.6
  Redhat Enterprise Linux Eus 7.7 cpe:2.3:o:redhat:enterprise_linux_eus:7.7
  Redhat Enterprise Linux Server 5.0 cpe:2.3:o:redhat:enterprise_linux_server:5.0
  Redhat Enterprise Linux Server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0
  Redhat Enterprise Linux Server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0
  Redhat Enterprise Linux Server Aus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3
  Redhat Enterprise Linux Server Aus 7.4 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4
  Redhat Enterprise Linux Server Aus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
  Redhat Enterprise Linux Server Aus 7.7 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7
  Redhat Enterprise Linux Server Tus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3
  Redhat Enterprise Linux Server Tus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
  Redhat Enterprise Linux Server Tus 7.7 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7
  Redhat Enterprise Linux Workstation 5.0 cpe:2.3:o:redhat:enterprise_linux_workstation:5.0
  Redhat Enterprise Linux Workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
  Redhat Enterprise Linux Workstation 7.0 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0

Configuration #6

    CPE23 From Up To
  Suse Linux Enterprise Debuginfo 11 SP1 cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1
  Suse Linux Enterprise Debuginfo 11 SP2 cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2
  Suse Linux Enterprise Debuginfo 11 SP3 cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3
  Suse Linux Enterprise Debuginfo 11 SP4 cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4
  Opensuse 13.1 cpe:2.3:o:opensuse:opensuse:13.1
  Opensuse 13.2 cpe:2.3:o:opensuse:opensuse:13.2
  Suse Linux Enterprise Desktop 11 SP3 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3
  Suse Linux Enterprise Desktop 11 SP4 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4
  Suse Linux Enterprise Desktop 12 cpe:2.3:o:suse:linux_enterprise_desktop:12:-
  Suse Linux Enterprise Server 11 SP1 cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss
  Suse Linux Enterprise Server 11 SP2 cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss
  Suse Linux Enterprise Server 11 SP3 For cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-
  Suse Linux Enterprise Server 11 SP3 for Vmware cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware
  Suse Linux Enterprise Server 11 SP4 cpe:2.3:o:suse:linux_enterprise_server:11:sp4
  Suse Linux Enterprise Server 12 cpe:2.3:o:suse:linux_enterprise_server:12:-
  Suse Linux Enterprise Software Development Kit 11 SP3 cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3
  Suse Linux Enterprise Software Development Kit 11 SP4 cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4
  Suse Linux Enterprise Software Development Kit 12 cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-