CyberSec.Space Logo
CVEブラウザに戻る

CVE-2015-4495

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score60.2170%
EPSS Percentile86.46th
Published2015年8月8日
Last Modified2026年4月22日

Vulnerability Description

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Affected Platforms (CPE)

📦
Mozilla

Firefox

< 39.0.3
📦
Mozilla

Firefox

>= 38.0 and < 38.1.1
💻
Mozilla

Firefox Os

< 2.2
💻
Oracle

Solaris

= 11.3
💻
Canonical

Ubuntu Linux

= 12.04
💻
Canonical

Ubuntu Linux

= 14.04
💻
Canonical

Ubuntu Linux

= 15.04
💻
Redhat

Enterprise Linux Desktop

= 5.0
💻
Redhat

Enterprise Linux Desktop

= 6.0
💻
Redhat

Enterprise Linux Desktop

= 7.0
💻
Redhat

Enterprise Linux Eus

= 6.7
💻
Redhat

Enterprise Linux Eus

= 7.1
💻
Redhat

Enterprise Linux Eus

= 7.2
💻
Redhat

Enterprise Linux Eus

= 7.3
💻
Redhat

Enterprise Linux Eus

= 7.4
💻
Redhat

Enterprise Linux Eus

= 7.5
💻
Redhat

Enterprise Linux Eus

= 7.6
💻
Redhat

Enterprise Linux Eus

= 7.7
💻
Redhat

Enterprise Linux Server

= 5.0
💻
Redhat

Enterprise Linux Server

= 6.0
💻
Redhat

Enterprise Linux Server

= 7.0
💻
Redhat

Enterprise Linux Server Aus

= 7.3
💻
Redhat

Enterprise Linux Server Aus

= 7.4
💻
Redhat

Enterprise Linux Server Aus

= 7.6
💻
Redhat

Enterprise Linux Server Aus

= 7.7
💻
Redhat

Enterprise Linux Server Tus

= 7.3
💻
Redhat

Enterprise Linux Server Tus

= 7.6
💻
Redhat

Enterprise Linux Server Tus

= 7.7
💻
Redhat

Enterprise Linux Workstation

= 5.0
💻
Redhat

Enterprise Linux Workstation

= 6.0
💻
Redhat

Enterprise Linux Workstation

= 7.0
📦
Suse

Linux Enterprise Debuginfo

= 11
📦
Suse

Linux Enterprise Debuginfo

= 11
📦
Suse

Linux Enterprise Debuginfo

= 11
📦
Suse

Linux Enterprise Debuginfo

= 11
💻
Opensuse

Opensuse

= 13.1
💻
Opensuse

Opensuse

= 13.2
💻
Suse

Linux Enterprise Desktop

= 11
💻
Suse

Linux Enterprise Desktop

= 11
💻
Suse

Linux Enterprise Desktop

= 12
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Server

= 11
💻
Suse

Linux Enterprise Server

= 12
💻
Suse

Linux Enterprise Software Development Kit

= 11
💻
Suse

Linux Enterprise Software Development Kit

= 11
💻
Suse

Linux Enterprise Software Development Kit

= 12

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
🔗 http://rhn.redhat.com/errata/RHSA-2015-1581.html
🔗 http://www.mozilla.org/security/announce/2015/mfsa2015-78.html

関連する脆弱性情報

CVE-2019-1170810.0

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the no...

CVE-2019-2513610.0

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and ...

CVE-2018-1850510.0

An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication betwee...

CVE-2020-1238810.0

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this iss...