CVE-2015-4495 vulnerability in Mozilla and Other Products
Published on August 8, 2015
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
Known Exploited Vulnerability
This Mozilla Firefox Security Feature Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Mozilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.
The following remediation steps are recommended / required by June 15, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2015-4495 has been classified as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2015-4495
What versions are vulnerable to CVE-2015-4495?
- Mozilla Firefox Extended Support Release (ESR) Version 38.0
- Mozilla Firefox Extended Support Release (ESR) Version 38.1.0
- Mozilla Firefox Extended Support Release (ESR) Version 38.0.5
- Mozilla Firefox Extended Support Release (ESR) Version 38.0.1
- Mozilla Firefox Up to Version 39.0
- Mozilla Firefox OS Up to Version 2.1.0
- Canonical Ubuntu Linux Version 12.04
- Novell SUSE Linux Enterprise Server Version 12.0
- Canonical Ubuntu Linux Version 14.04
- Novell SUSE Linux Enterprise Desktop Version 12.0
- Canonical Ubuntu Linux Version 15.04
- openSUSE Version 13.1
- openSUSE Version 13.2
- Novell SUSE Linux Enterprise Software Development Kit Version 12.0
- Oracle Solaris Version 11.3