CVE-2015-4495 : The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1,

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Published 2015-08-08 00:59:05

Updated 2025-04-12 10:46:41

Source Mozilla Corporation

View at NVD, CVE.org

Products affected by CVE-2015-4495

Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.1
cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 6.7
cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP3
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 12
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP4
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP3 For Vmware
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP1 Ltss Edition
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP2 Ltss Edition
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP3
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 11 Update SP4
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Server » Version: 12
cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 11 Update SP3
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 12
cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Software Development Kit » Version: 11 Update SP4
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Debuginfo » Version: 11 Update SP2
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Debuginfo » Version: 11 Update SP4
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Debuginfo » Version: 11 Update SP3
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Debuginfo » Version: 11 Update SP1
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1:*:*:*:*:*:*
Matching versions
Oracle » Solaris » Version: 11.3
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox
Versions before (<) 39.0.3
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox
Versions from including (>=) 38.0 and before (<) 38.1.1
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Os
Versions before (<) 2.2
cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 15.04
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions

CVE-2015-4495 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Mozilla Firefox Security Feature Bypass Vulnerability

CISA required action:

Apply updates per vendor instructions.

CISA description:

Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.

Notes:

https://nvd.nist.gov/vuln/detail/CVE-2015-4495

Added on 2022-05-25 Action due date 2022-06-15

Exploit prediction scoring system (EPSS) score for CVE-2015-4495

EPSS FAQ

75.94%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-4495

Firefox PDF.js Browser File Theft

First seen: 2020-04-26

auxiliary/gather/firefox_pdfjs_file_theft

This module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses Javascript to render a PDF inside a frame with p

More information

CVSS scores for CVE-2015-4495

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-07
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2024-06-28
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2015-4495

http://www.securitytracker.com/id/1033216

Mozilla Firefox PDF Viewer Same-Origin Bypass Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker
Broken Link;Third Party Advisory;VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=1178058

1178058 - (CVE-2015-4495) It's possible to read local files or perform privilege escalation by using a native setter
Issue Tracking
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html

[security-announce] SUSE-SU-2015:1379-1: critical: Security update for M
Mailing List;Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-78.html

Same origin violation and local file stealing via PDF reader — Mozilla
Vendor Advisory
http://www.ubuntu.com/usn/USN-2707-1

USN-2707-1: Firefox vulnerability | Ubuntu security notices
Third Party Advisory
https://security.gentoo.org/glsa/201512-10

Mozilla Products: Multiple vulnerabilities (GLSA 201512-10) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

[security-announce] SUSE-SU-2015:1449-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/76249

Mozilla Firefox CVE-2015-4495 Same Origin Policy Security Bypass Vulnerability
Broken Link;Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-1581.html

RHSA-2015:1581 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

[security-announce] openSUSE-SU-2015:1390-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Oracle Solaris Bulletin - April 2016
Patch;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

[security-announce] openSUSE-SU-2015:1389-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html

[security-announce] SUSE-SU-2015:1528-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.exploit-db.com/exploits/37772/

Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy
Exploit;Third Party Advisory;VDB Entry
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/

Firefox exploit found in the wild | Mozilla Security Blog
Issue Tracking;Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html

[security-announce] SUSE-SU-2015:1380-1: critical: Security update for M
Mailing List;Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1179262

1179262 - Remove PlayPreview registration from PDF Viewer
Issue Tracking

Jump to