CVE-2015-4519

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.

References

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

http://rhn.redhat.com/errata/RHSA-2015-1834.html

http://rhn.redhat.com/errata/RHSA-2015-1852.html

http://www.debian.org/security/2015/dsa-3365

http://www.mozilla.org/security/announce/2015/mfsa2015-110.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/76816

http://www.securitytracker.com/id/1033640

http://www.ubuntu.com/usn/USN-2743-1

http://www.ubuntu.com/usn/USN-2743-2

http://www.ubuntu.com/usn/USN-2743-3

http://www.ubuntu.com/usn/USN-2743-4

http://www.ubuntu.com/usn/USN-2754-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1189814

Details

Source: MITRE

Published: 2015-09-24

Updated: 2016-12-22

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (25 total)

IDNameProductFamilySeverity
87063SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1)NessusSuSE Local Security Checks
critical
86514CentOS 5 / 6 / 7 : firefox (CESA-2015:1834)NessusCentOS Local Security Checks
high
86482CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1852)NessusCentOS Local Security Checks
high
86341SUSE SLED11 / SLES11 Security Update : MozillaFirefox (SUSE-SU-2015:1703-1)NessusSuSE Local Security Checks
high
86307SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr (SUSE-SU-2015:1680-1)NessusSuSE Local Security Checks
high
86293Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : thunderbird vulnerabilities (USN-2754-1)NessusUbuntu Local Security Checks
high
86291Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox regression (USN-2743-4)NessusUbuntu Local Security Checks
high
86282openSUSE Security Update : seamonkey (openSUSE-2015-632)NessusSuSE Local Security Checks
high
86281openSUSE Security Update : MozillaThunderbird (openSUSE-2015-631)NessusSuSE Local Security Checks
high
86243Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20151001)NessusScientific Linux Local Security Checks
high
86241RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1852)NessusRed Hat Local Security Checks
high
86240Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1852)NessusOracle Linux Local Security Checks
high
86238openSUSE Security Update : MozillaFirefox (openSUSE-2015-619)NessusSuSE Local Security Checks
high
8948Mozilla Firefox < 41.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
86144Ubuntu 14.04 LTS / 15.04 : unity-firefox-extension, webapps-greasemonkey, webaccounts-browser-extension update (USN-2743-3)NessusUbuntu Local Security Checks
high
86107Debian DSA-3365-1 : iceweasel - security updateNessusDebian Local Security Checks
high
86103Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : ubufox update (USN-2743-2)NessusUbuntu Local Security Checks
high
86102Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerabilities (USN-2743-1)NessusUbuntu Local Security Checks
high
86099RHEL 5 / 6 / 7 : firefox (RHSA-2015:1834)NessusRed Hat Local Security Checks
high
86096Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1834)NessusOracle Linux Local Security Checks
high
86079FreeBSD : mozilla -- multiple vulnerabilities (2d56c7f4-b354-428f-8f48-38150c607a05)NessusFreeBSD Local Security Checks
high
86071Firefox < 41 Multiple VulnerabilitiesNessusWindows
high
86070Firefox ESR < 38.3 Multiple VulnerabilitiesNessusWindows
high
86069Firefox < 41 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
86068Firefox ESR < 38.3 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high