PT-2015-2177 · Mozilla+5 · Firefox+6

Anne

+7

·

Publicado

2015-09-22

·

Atualizado

2024-12-12

·

CVE-2015-4519

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 41.0 Mozilla Firefox ESR versions 38.x prior to 38.3
Description The issue is related to a lack of protection for service data, allowing a remote attacker to bypass existing access restrictions and execute a redirect to a specified URL using specially crafted JavaScript code. This can be achieved when a user performs a drag-and-drop action of an image into a TEXTBOX element, allowing the attacker to discover the target URL of a redirect.
Recommendations For Mozilla Firefox versions prior to 41.0, update to version 41.0 or later to resolve the issue. For Mozilla Firefox ESR versions 38.x prior to 38.3, update to version 38.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of JavaScript code in the browser until a patch is applied.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2015-1816
ALT-PU-2016-1454
BDU:2015-11523
CESA-2015_1834
CESA-2015_1852
CVE-2015-4519
DSA-3365-1
MGASA-2015-0382
MGASA-2015-0387
MGASA-2015-0414
OPENSUSE-SU-2015_1658-1
OPENSUSE-SU-2015_1679-1
OPENSUSE-SU-2015_1681-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2015:1834
RHSA-2015:1852
RHSA-2015_1834
RHSA-2015_1852
SUSE-SU-2015:1680-1
SUSE-SU-2015:1703-1
USN-2743-1
USN-2743-2
USN-2743-3
USN-2743-4
USN-2754-1

Produtos afetados

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Ubuntu