VYPR
Get started
← All advisories
High severity8.8CISA KEVNVD Advisory· Published Aug 8, 2015· Updated Apr 22, 2026

CVE-2015-4495

CVE-2015-4495

Description

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Affected products

49
  • Mozilla Corporation/Firefox2 versions
    cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*+ 1 more
    • cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*range: <39.0.3
    • cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*range: >=38.0,<38.1.1
  • SUSE S.A./Linux Enterprise Debuginfo4 versions
    cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1:*:*:*:*:*:*
    • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
    • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
    • cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
  • Canonical (company)/Ubuntu Linux3 versions
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • Mozilla Corporation/Firefox Os
    cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:*
    Range: <2.2
  • OpenSUSE/openSUSE2 versions
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
  • Oracle Corporation/Solaris
    cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Desktop3 versions
    cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Eus8 versions
    cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server3 versions
    cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Aus4 versions
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Server Tus3 versions
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • Red Hat/Enterprise Linux Workstation3 versions
    cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Desktop3 versions
    cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Server6 versions
    cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*+ 5 more
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Software Development Kit3 versions
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

18

News mentions

0

No linked articles in our index yet.