• Tenable
  • CVEs
  • Settings
    Links
    Tenable.io Tenable Community & Support Tenable University
    Severity
    Theme
  • Tenable
  • Links
  • Tenable.io
  • Tenable Community & Support
  • Tenable University
  • Settings
  • Severity
  • Theme
  • Newest
  • Updated
  • Search
  • Newest
  • Updated
  • Search
  1. CVEs
  2. CVE-2015-2743
  1. CVEs

CVE-2015-2743

high
  • Information
  • CPEs
  • Plugins

Description

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

References

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://rhn.redhat.com/errata/RHSA-2015-1207.html

http://www.debian.org/security/2015/dsa-3300

http://www.mozilla.org/security/announce/2015/mfsa2015-69.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.securityfocus.com/bid/75541

http://www.securitytracker.com/id/1032783

http://www.ubuntu.com/usn/USN-2656-1

http://www.ubuntu.com/usn/USN-2656-2

https://bugzilla.mozilla.org/show_bug.cgi?id=1163109

https://security.gentoo.org/glsa/201512-10

Details

Source: MITRE

Published: 2015-07-06

Updated: 2016-12-28

Type: CWE-17

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

  • Tenable.com
  • Community & Support
  • Documentation
  • Education
  • © 2022 Tenable®, Inc. All Rights Reserved
  • Privacy Policy
  • Legal
  • 508 Compliance