ID CVE-2015-4495
Summary The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
References
Vulnerable Configurations
  • Mozilla Firefox 39.0
    cpe:2.3:a:mozilla:firefox:39.0
  • Mozilla Firefox ESR 38.0
    cpe:2.3:a:mozilla:firefox_esr:38.0
  • Mozilla Firefox ESR 38.0.1
    cpe:2.3:a:mozilla:firefox_esr:38.0.1
  • Mozilla Firefox ESR 38.0.5
    cpe:2.3:a:mozilla:firefox_esr:38.0.5
  • Mozilla Firefox ESR 38.1.0
    cpe:2.3:a:mozilla:firefox_esr:38.1.0
  • cpe:2.3:o:mozilla:firefox_os:2.1.0
    cpe:2.3:o:mozilla:firefox_os:2.1.0
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.04
    cpe:2.3:o:canonical:ubuntu_linux:15.04
  • Novell SUSE Linux Enterprise Desktop 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0
  • Novell SUSE Linux Enterprise Server 12.0
    cpe:2.3:o:novell:suse_linux_enterprise_server:12.0
  • cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0
    cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • Oracle Solaris 11.3
    cpe:2.3:o:oracle:solaris:11.3
CVSS
Base: 4.3 (as of 15-11-2016 - 14:02)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
exploit-db via4
description Firefox < 39.03 - pdf.js Same Origin Policy Exploit. CVE-2015-4495. Local exploits for multiple platform
file exploits/multiple/local/37772.js
id EDB-ID:37772
last seen 2016-02-04
modified 2015-08-15
platform multiple
port
published 2015-08-15
reporter Tantaryu MING
source https://www.exploit-db.com/download/37772/
title Firefox < 39.03 - pdf.js Same Origin Policy Exploit
type local
metasploit via4
description This module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses Javascript to render a PDF inside a frame with privileges to read local files. The in-the-wild malicious payloads searched for sensitive files on Windows, Linux, and OSX. Android versions are reported to be unaffected, as they do not use the Mozilla PDF viewer.
id MSF:AUXILIARY/GATHER/FIREFOX_PDFJS_FILE_THEFT
last seen 2019-03-29
modified 2017-07-24
published 2015-08-14
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/firefox_pdfjs_file_theft.rb
title Firefox PDF.js Browser File Theft
nessus via4
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_39_0_3.NASL
    description The version of Firefox installed on the remote Windows host is prior to 39.0.3. It is, therefore, affected by a vulnerability in the same origin policy in which an attacker can inject script code into a non-privileged part of browser's built-in PDF reader, resulting in gaining access to sensitive local files.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 85275
    published 2015-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85275
    title Firefox < 39.0.3 PDF Reader Arbitrary File Access
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_38_1_1_ESR.NASL
    description The version of Firefox ESR installed on the remote Mac OS X host is prior to 38.1.1. It is, therefore, affected by a vulnerability in the same origin policy in which an attacker can inject script code into a non-privileged part of browser's built-in PDF reader, resulting in gaining access to sensitive local files.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 85272
    published 2015-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85272
    title Firefox ESR < 38.1.1 PDF Reader Arbitrary File Access (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1449-1.NASL
    description Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed : - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers The following vulnerabilities were fixed in ESR31 and are also included here : - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979). - CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979). - CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979). - CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979). CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/ CVE-2015-2738/CVE-2 015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979). - CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979). - CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033). - CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979). This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Mozilla Firefox and mozilla-nss were updated to fix 17 security issues. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85721
    published 2015-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85721
    title SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201512-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201512-10 (Mozilla Products: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to view a specially crafted web page or email, possibly resulting in execution of arbitrary code or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 87710
    published 2016-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87710
    title GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1581.NASL
    description Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer (PDF.js). An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files (including private SSH keys, the /etc/passwd file, and other potentially sensitive files) from the system running Firefox. (CVE-2015-4495) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.1.1 ESR, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 85295
    published 2015-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85295
    title RHEL 5 / 6 / 7 : firefox (RHSA-2015:1581)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150807_FIREFOX_ON_SL5_X.NASL
    description A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer (PDF.js). An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files (including private SSH keys, the /etc/passwd file, and other potentially sensitive files) from the system running Firefox. (CVE-2015-4495) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 85296
    published 2015-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85296
    title Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1380-1.NASL
    description This security update (bsc#940918) fixes the following issues : - MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation - Remove PlayPreview registration from PDF Viewer (bmo#1179262) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85401
    published 2015-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85401
    title SUSE SLED11 / SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:1380-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_8EEE06D4C21D4F07A669455151FF426F.NASL
    description The Mozilla Project reports : MFSA 2015-78 Same origin violation and local file stealing via PDF reader
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 85293
    published 2015-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85293
    title FreeBSD : mozilla -- multiple vulnerabilities (8eee06d4-c21d-4f07-a669-455151ff426f)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1581.NASL
    description From Red Hat Security Advisory 2015:1581 : Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer (PDF.js). An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files (including private SSH keys, the /etc/passwd file, and other potentially sensitive files) from the system running Firefox. (CVE-2015-4495) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.1.1 ESR, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 85294
    published 2015-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85294
    title Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1581)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1379-1.NASL
    description This security update (bsc#940918) fixes the following issues : - MFSA 2015-78: (CVE-2015-4495, bmo#1178058): Same origin violation - Remove PlayPreview registration from PDF Viewer (bmo#1179262) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85400
    published 2015-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85400
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2015:1379-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-547.NASL
    description - update to Firefox 40.0 (bnc#940806) - Added protection against unwanted software downloads - Suggested Tiles show sites of interest, based on categories from your recent browsing history - Hello allows adding a link to conversations to provide context on what the conversation will be about - New style for add-on manager based on the in-content preferences style - Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only) - Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked security fixes : - MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright - MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) - MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) - MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST bypasses mixed content protections - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection - MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers - added mozilla-no-stdcxx-check.patch - removed obsolete patches - mozilla-add-glibcxx_use_cxx11_abi.patch - firefox-multilocale-chrome.patch - rebased patches - requires version 40 of the branding package - removed browser/searchplugins/ location as it's not valid anymore - includes security update to Firefox 39.0.3 (bnc#940918) - MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin violation and local file stealing via PDF reader
    last seen 2019-02-21
    modified 2015-11-30
    plugin id 85436
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85436
    title openSUSE Security Update : MozillaFirefox (openSUSE-2015-547)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_38_1_1_ESR.NASL
    description The version of Firefox ESR installed on the remote Windows host is prior to 38.1.1. It is, therefore, affected by a vulnerability in the same origin policy in which an attacker can inject script code into a non-privileged part of browser's built-in PDF reader, resulting in gaining access to sensitive local files.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 85274
    published 2015-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85274
    title Firefox ESR < 38.1.1 PDF Reader Arbitrary File Access
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FIREFOX_39_0_3.NASL
    description The version of Firefox installed on the remote Mac OS X host is prior to 39.0.3. It is, therefore, affected by a vulnerability in the same origin policy in which an attacker can inject script code into a non-privileged part of browser's built-in PDF reader, resulting in gaining access to sensitive local files.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 85273
    published 2015-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85273
    title Firefox < 39.0.3 PDF Reader Arbitrary File Access (Mac OS X)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-1581.NASL
    description Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer (PDF.js). An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files (including private SSH keys, the /etc/passwd file, and other potentially sensitive files) from the system running Firefox. (CVE-2015-4495) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter. All Firefox users should upgrade to these updated packages, which contain Firefox version 38.1.1 ESR, which corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 85306
    published 2015-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85306
    title CentOS 5 / 6 / 7 : firefox (CESA-2015:1581)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2707-1.NASL
    description Cody Crews discovered a way to violate the same-origin policy to inject script in to a non-privileged part of the PDF viewer. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to read sensitive information from local files. (CVE-2015-4495). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 85297
    published 2015-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85297
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerability (USN-2707-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-548.NASL
    description - update to Firefox 40.0 (bnc#940806) - Added protection against unwanted software downloads - Suggested Tiles show sites of interest, based on categories from your recent browsing history - Hello allows adding a link to conversations to provide context on what the conversation will be about - New style for add-on manager based on the in-content preferences style - Improved scrolling, graphics, and video playback performance with off main thread compositing (GNU/Linux only) - Graphic blocklist mechanism improved: Firefox version ranges can be specified, limiting the number of devices blocked security fixes : - MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream playback - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues in libstagefright - MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting through Mozilla Maintenance Service with hard links (only affected Windows) - MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with Updater and malicious MAR file (does not affect openSUSE RPM packages which do not ship the updater) - MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST bypasses mixed content protections - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection - MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security Policy allows for asterisk wildcards in violation of CSP specification - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers - added mozilla-no-stdcxx-check.patch - removed obsolete patches - mozilla-add-glibcxx_use_cxx11_abi.patch - firefox-multilocale-chrome.patch - rebased patches - requires version 40 of the branding package - removed browser/searchplugins/ location as it's not valid anymore - includes security update to Firefox 39.0.3 (bnc#940918) - MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin violation and local file stealing via PDF reader
    last seen 2019-02-21
    modified 2015-11-30
    plugin id 85437
    published 2015-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85437
    title openSUSE Security Update : MozillaFirefox (openSUSE-2015-548)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1528-1.NASL
    description Mozilla Firefox is being updated to the current Firefox 38ESR branch (specifically the 38.2.0ESR release). Security issues fixed : - MFSA 2015-78 / CVE-2015-4495: Same origin violation and local file stealing via PDF reader - MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474: Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with malformed MP3 file - MFSA 2015-82 / CVE-2015-4478: Redefinition of non-configurable JavaScript object properties - MFSA 2015-83 / CVE-2015-4479: Overflow issues in libstagefright - MFSA 2015-87 / CVE-2015-4484: Crash when using shared memory in JavaScript - MFSA 2015-88 / CVE-2015-4491: Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90 / CVE-2015-4487/CVE-2015-4488/CVE-2015-4489: Vulnerabilities found through code inspection - MFSA 2015-92 / CVE-2015-4492: Use-after-free in XMLHttpRequest with shared workers This update also contains a lot of feature improvements and bug fixes from 31ESR to 38ESR. Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4, which is what Firefox 38ESR uses. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85906
    published 2015-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85906
    title SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1476-1.NASL
    description Mozilla Firefox was updated to version 38.2.1 ESR to fix several critical and non critical security vulnerabilities. - Firefox was updated to 38.2.1 ESR (bsc#943608) - MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing canvas element during restyling - MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass through data URLs - Firefox was updated to 38.2.0 ESR (bsc#940806) - MFSA 2015-78/CVE-2015-4495 (bmo#1178058, bmo#1179262) Same origin violation and local file stealing via PDF reader - MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 (bmo#1143130, bmo#1161719, bmo#1177501, bmo#1181204, bmo#1184068, bmo#1188590, bmo#1146213, bmo#1178890, bmo#1182711) Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) - MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with malformed MP3 file - MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of non-configurable JavaScript object properties - MFSA 2015-83/CVE-2015-4479 (bmo#1185115, bmo#1144107, bmo#1170344, bmo#1186718) Overflow issues in libstagefright - MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared memory in JavaScript - MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf when scaling bitmap images - MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148) Buffer overflows on Libvpx when decoding WebM video - MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 (bmo#1176270, bmo#1182723, bmo#1171603) Vulnerabilities found through code inspection - MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in XMLHttpRequest with shared workers Mozilla NSS switched the CKBI ABI from 1.98 to 2.4, which is what Firefox 38ESR uses. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 85763
    published 2015-09-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85763
    title SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1476-1)
redhat via4
advisories
bugzilla
id 1251318
title CVE-2015-4495 Mozilla: Same origin violation and local file stealing via PDF reader (MFSA 2015-78)
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • comment firefox is earlier than 0:38.1.1-1.el5_11
      oval oval:com.redhat.rhsa:tst:20151581002
    • comment firefox is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070097009
  • AND
    • comment firefox is earlier than 0:38.1.1-1.el6_7
      oval oval:com.redhat.rhsa:tst:20151581008
    • comment firefox is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20100861010
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
  • AND
    • comment firefox is earlier than 0:38.1.1-1.el7_1
      oval oval:com.redhat.rhsa:tst:20151581014
    • comment firefox is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20100861010
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
rhsa
id RHSA-2015:1581
released 2015-08-07
severity Important
title RHSA-2015:1581: firefox security update (Important)
rpms
  • firefox-0:38.1.1-1.el5_11
  • firefox-0:38.1.1-1.el6_7
  • firefox-0:38.1.1-1.el7_1
refmap via4
bid 76249
confirm
exploit-db 37772
gentoo GLSA-201512-10
sectrack 1033216
suse
  • SUSE-SU-2015:1379
  • SUSE-SU-2015:1380
  • SUSE-SU-2015:1449
  • SUSE-SU-2015:1528
  • openSUSE-SU-2015:1389
  • openSUSE-SU-2015:1390
ubuntu USN-2707-1
Last major update 23-12-2016 - 21:59
Published 07-08-2015 - 20:59
Last modified 30-10-2018 - 12:27
Back to Top