CVE-2015-2743

HIGH

Description

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

References

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://rhn.redhat.com/errata/RHSA-2015-1207.html

http://www.debian.org/security/2015/dsa-3300

http://www.mozilla.org/security/announce/2015/mfsa2015-69.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.securityfocus.com/bid/75541

http://www.securitytracker.com/id/1032783

http://www.ubuntu.com/usn/USN-2656-1

http://www.ubuntu.com/usn/USN-2656-2

https://bugzilla.mozilla.org/show_bug.cgi?id=1163109

https://security.gentoo.org/glsa/201512-10

Details

Source: MITRE

Published: 2015-07-06

Updated: 2016-12-28

Type: CWE-17

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
87710	GLSA-201512-10 : Mozilla Products: Multiple vulnerabilities (Bar Mitzvah) (Logjam)	Nessus	Gentoo Local Security Checks	critical
8855	Mozilla Firefox < 39.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
85721	SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam)	Nessus	SuSE Local Security Checks	critical
84899	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1269-1)	Nessus	SuSE Local Security Checks	critical
84898	SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2015:1268-2)	Nessus	SuSE Local Security Checks	critical
84864	openSUSE Security Update : MozillaThunderbird (openSUSE-2015-495) (Logjam)	Nessus	SuSE Local Security Checks	critical
84794	Ubuntu 12.04 LTS : firefox vulnerabilities (USN-2656-2) (Logjam)	Nessus	Ubuntu Local Security Checks	critical
84780	FreeBSD : mozilla -- multiple vulnerabilities (44d9daee-940c-4179-86bb-6e3ffd617869) (Logjam)	Nessus	FreeBSD Local Security Checks	critical
84720	openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2015-480) (Logjam)	Nessus	SuSE Local Security Checks	critical
84664	Ubuntu 14.04 LTS / 14.10 / 15.04 : firefox vulnerabilities (USN-2656-1) (Logjam)	Nessus	Ubuntu Local Security Checks	critical
84581	Firefox < 39.0 Multiple Vulnerabilities (Logjam)	Nessus	Windows	high
84580	Firefox ESR < 38.1 Multiple Vulnerabilities (Logjam)	Nessus	Windows	high
84579	Firefox ESR < 31.8 Multiple Vulnerabilities (Logjam)	Nessus	Windows	high
84577	Firefox < 39.0 Multiple Vulnerabilities (Mac OS X) (Logjam)	Nessus	MacOS X Local Security Checks	high
84576	Firefox ESR < 38.1 Multiple Vulnerabilities (Mac OS X) (Logjam)	Nessus	MacOS X Local Security Checks	high
84575	Firefox ESR < 31.8 Multiple Vulnerabilities (Mac OS X) (Logjam)	Nessus	MacOS X Local Security Checks	high
84550	CentOS 5 / 6 / 7 : firefox (CESA-2015:1207)	Nessus	CentOS Local Security Checks	critical
84543	Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
84535	RHEL 5 / 6 / 7 : firefox (RHSA-2015:1207)	Nessus	Red Hat Local Security Checks	critical
84534	Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1207)	Nessus	Oracle Linux Local Security Checks	critical
84510	Debian DSA-3300-1 : iceweasel - security update (Logjam)	Nessus	Debian Local Security Checks	critical