CVE-2015-4495
KEV
🔴 Łataj teraz
Obejście polityki Same Origin w Firefoxie umożliwia zdalne odczytanie plików.
CVSS
8.8
EPSS
71.6%
Exploit
weaponized
Vendor
redhat
Opis źródłowy (NVD)
The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 71.6% |
| Opublikowano (NVD) | 2015-08-08 00:59:04 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-22 10:36:16 UTC |
Referencje
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html (security@mozilla.org) [Mailing List, Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2015-1581.html (security@mozilla.org) [Third Party Advisory]
- http://www.mozilla.org/security/announce/2015/mfsa2015-78.html (security@mozilla.org) [Vendor Advisory]
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html (security@mozilla.org) [Patch, Third Party Advisory]
- http://www.securityfocus.com/bid/76249 (security@mozilla.org) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1033216 (security@mozilla.org) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.ubuntu.com/usn/USN-2707-1 (security@mozilla.org) [Third Party Advisory]
- https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/ (security@mozilla.org) [Issue Tracking, Vendor Advisory]
- https://bugzilla.mozilla.org/show_bug.cgi?id=1178058 (security@mozilla.org) [Issue Tracking]
- https://bugzilla.mozilla.org/show_bug.cgi?id=1179262 (security@mozilla.org) [Issue Tracking]
- https://security.gentoo.org/glsa/201512-10 (security@mozilla.org) [Third Party Advisory]
- https://www.exploit-db.com/exploits/37772/ (security@mozilla.org) [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4495 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]