CVE-2015-4495 vulnerability in Mozilla and Other Products
Published on August 8, 2015
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
Known Exploited Vulnerability
This Mozilla Firefox Security Feature Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Mozilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.
The following remediation steps are recommended / required by June 15, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2015-4495 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What versions are vulnerable to CVE-2015-4495?
- Mozilla Firefox Fixed in Version 39.0.3
- Mozilla Firefox Extended Support Release (ESR) Version 38.0 Fixed in Version 38.1.1
- Mozilla Firefox OS Fixed in Version 2.2
- Oracle Solaris Version 11.3
- Canonical Ubuntu Linux Version 15.04
- Canonical Ubuntu Linux Version 14.04
- Canonical Ubuntu Linux Version 12.04
- Red Hat Enterprise Linux Desktop Version 7.0
- Red Hat Enterprise Linux Server Version 5.0
- Red Hat Enterprise Linux Workstation Version 7.0
- Red Hat Enterprise Linux Server Version 7.0
- Red Hat Enterprise Linux Workstation Version 5.0
- Red Hat Enterprise Linux EUS Version 6.7
- Red Hat Enterprise Linux Desktop Version 6.0
- Red Hat Enterprise Linux Server Version 6.0
- Red Hat Enterprise Linux Workstation Version 6.0
- Red Hat Enterprise Linux EUS Version 7.1
- Red Hat Enterprise Linux Server TUS Version 7.3
- Red Hat Enterprise Linux Desktop Version 5.0
- Red Hat Enterprise Linux Server AUS Version 7.3
- Red Hat Enterprise Linux Server AUS Version 7.4
- Red Hat Enterprise Linux EUS Version 7.3
- Red Hat Enterprise Linux EUS Version 7.4
- Red Hat Enterprise Linux EUS Version 7.5
- Red Hat Enterprise Linux Server TUS Version 7.6
- Red Hat Enterprise Linux Server AUS Version 7.6
- Red Hat Enterprise Linux EUS Version 7.6
- Red Hat Enterprise Linux EUS Version 7.2
- Red Hat Enterprise Linux Server AUS Version 7.7
- Red Hat Enterprise Linux Server TUS Version 7.7
- Red Hat Enterprise Linux EUS Version 7.7
- SUSE Linux Enterprise Server Version 11 SP4
- SUSE Linux Enterprise Server Version 11 SP1
- SUSE Linux Enterprise Desktop Version 11 SP3
- SUSE Linux Enterprise Debuginfo Version 11 SP3
- SUSE Linux Enterprise Server Version 11 SP3 (VMware)
- SUSE Linux Enterprise Desktop Version 11 SP4
- SUSE Linux Enterprise Debuginfo Version 11 SP2
- SUSE Linux Enterprise Software Development Kit Version 11 SP3
- SUSE Linux Enterprise Software Development Kit Version 11 SP4
- SUSE Linux Enterprise Debuginfo Version 11 SP4
- SUSE Linux Enterprise Server Version 11 SP2
- openSUSE Version 13.1
- openSUSE Version 13.2
- SUSE Linux Enterprise Server Version 12
- SUSE Linux Enterprise Software Development Kit Version 12
- SUSE Linux Enterprise Desktop Version 12
- SUSE Linux Enterprise Server Version 11 SP3
- SUSE Linux Enterprise Debuginfo Version 11 SP1