CVE-2015-4495

Sažetak

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
http://rhn.redhat.com/errata/RHSA-2015-1581.html
http://www.mozilla.org/security/announce/2015/mfsa2015-78.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/76249
http://www.securitytracker.com/id/1033216
http://www.ubuntu.com/usn/USN-2707-1
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
https://bugzilla.mozilla.org/show_bug.cgi?id=1178058
https://bugzilla.mozilla.org/show_bug.cgi?id=1179262
https://security.gentoo.org/glsa/201512-10
https://www.exploit-db.com/exploits/37772/
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
http://rhn.redhat.com/errata/RHSA-2015-1581.html
http://www.mozilla.org/security/announce/2015/mfsa2015-78.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/76249
http://www.securitytracker.com/id/1033216
http://www.ubuntu.com/usn/USN-2707-1
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
https://bugzilla.mozilla.org/show_bug.cgi?id=1178058
https://bugzilla.mozilla.org/show_bug.cgi?id=1179262
https://security.gentoo.org/glsa/201512-10
https://www.exploit-db.com/exploits/37772/

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

21-03-2025 - 19:25

Objavljeno

08-08-2015 - 00:59