Vulnerability Database

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

  • Published: Aug 8, 2015
  • Updated: Jun 29, 2024
  • CVE: CVE-2015-4495
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

| Software | From | Fixed in |
|---|---|---|
| canonical / ubuntu_linux | 12.04 | 12.04.x |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| canonical / ubuntu_linux | 15.04 | 15.04.x |
| opensuse / opensuse | 13.1 | 13.1.x |
| opensuse / opensuse | 13.2 | 13.2.x |
| oracle / solaris | 11.3 | 11.3.x |
| mozilla / firefox | - | 39.0.3 |
| mozilla / firefox_esr | 38.0 | 38.1.1 |
| mozilla / firefox_os | - | 2.2 |
| redhat / enterprise_linux_desktop | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 5.0 | 5.0.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_workstation | 5.0 | 5.0.x |
| redhat / enterprise_linux_eus | 6.7 | 6.7.x |
| redhat / enterprise_linux_desktop | 6.0 | 6.0.x |
| redhat / enterprise_linux_server | 6.0 | 6.0.x |
| redhat / enterprise_linux_workstation | 6.0 | 6.0.x |
| redhat / enterprise_linux_eus | 7.1 | 7.1.x |
| redhat / enterprise_linux_server_tus | 7.3 | 7.3.x |
| redhat / enterprise_linux_desktop | 5.0 | 5.0.x |
| redhat / enterprise_linux_server_aus | 7.3 | 7.3.x |
| redhat / enterprise_linux_server_aus | 7.4 | 7.4.x |
| redhat / enterprise_linux_eus | 7.3 | 7.3.x |
| redhat / enterprise_linux_eus | 7.4 | 7.4.x |
| redhat / enterprise_linux_eus | 7.5 | 7.5.x |
| redhat / enterprise_linux_server_tus | 7.6 | 7.6.x |
| redhat / enterprise_linux_server_aus | 7.6 | 7.6.x |
| redhat / enterprise_linux_eus | 7.6 | 7.6.x |
| redhat / enterprise_linux_eus | 7.2 | 7.2.x |
| redhat / enterprise_linux_server_aus | 7.7 | 7.7.x |
| redhat / enterprise_linux_server_tus | 7.7 | 7.7.x |
| redhat / enterprise_linux_eus | 7.7 | 7.7.x |
| suse / linux_enterprise_server | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_server | 11-sp1 | 11-sp1.x |
| suse / linux_enterprise_desktop | 11-sp3 | 11-sp3.x |
| suse / linux_enterprise_debuginfo | 11-sp3 | 11-sp3.x |
| suse / linux_enterprise_server | 11-sp3 | 11-sp3.x |
| suse / linux_enterprise_desktop | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_debuginfo | 11-sp2 | 11-sp2.x |
| suse / linux_enterprise_software_development_kit | 11-sp3 | 11-sp3.x |
| suse / linux_enterprise_software_development_kit | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_debuginfo | 11-sp4 | 11-sp4.x |
| suse / linux_enterprise_server | 11-sp2 | 11-sp2.x |
| suse / linux_enterprise_server | 12 | 12.x |
| suse / linux_enterprise_software_development_kit | 12 | 12.x |
| suse / linux_enterprise_desktop | 12 | 12.x |
| suse / linux_enterprise_debuginfo | 11-sp1 | 11-sp1.x |