Vulnerability Details : CVE-2015-2743
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2015-2743
Probability of exploitation activity in the next 30 days: 2.51%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 %
CVSS scores for CVE-2015-2743
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2015-2743
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2743
- http://www.debian.org/security/2015/dsa-3300
  Debian -- Security Information -- DSA-3300-1 iceweasel
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html
  [security-announce] SUSE-SU-2015:1269-1: important: Security update for (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1207.html
  RHSA-2015:1207 - Security Advisory - Red Hat Customer Portal
- http://www.securitytracker.com/id/1032783
  Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Gain Elevated Privileges - SecurityTracker
- https://security.gentoo.org/glsa/201512-10
  Mozilla Products: Multiple vulnerabilities (GLSA 201512-10) — Gentoo security
- http://www.securityfocus.com/bid/75541
  Mozilla Firefox/Thunderbird Multiple Security Vulnerabilities
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
  Oracle Solaris Third Party Bulletin - October 2015 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
  [security-announce] SUSE-SU-2015:1449-1: important: Security update for
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  Oracle Solaris Bulletin - April 2016 (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2656-2
  USN-2656-2: Firefox vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
  [security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
- http://www.mozilla.org/security/announce/2015/mfsa2015-69.html
  Privilege escalation through internal workers — Mozilla (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-2656-1
  USN-2656-1: Firefox vulnerabilities | Ubuntu security notices
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html
  [security-announce] SUSE-SU-2015:1268-1: important: Security update for (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
  [security-announce] openSUSE-SU-2015:1229-1: important: Security update
- https://bugzilla.mozilla.org/show_bug.cgi?id=1163109
  1163109 - (CVE-2015-2743) Inline JPEG images fail to load (Issue Tracking)
Products affected by CVE-2015-2743
- cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:31.7.0:*:*:*:*:*:*:*