PT-2015-2643 · Mozilla+3 · Firefox+3

Tim Brown

Publicado

2015-11-03

Atualizado

2024-12-12

CVE-2015-4515

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 42.0

Description The issue is related to a lack of protection for service data in Mozilla Firefox. It allows a remote attacker to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. This can be done when NTLM v1 is enabled for HTTP authentication.

Recommendations For versions prior to 42.0, update to version 42.0 or later to resolve the issue. As a temporary workaround, consider disabling NTLM v1 for HTTP authentication to minimize the risk of exploitation. Restrict access to sensitive information and avoid using NTLM v1 for authentication until the issue is resolved.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2015-1974

ALT-PU-2016-1454

BDU:2015-12008

CVE-2015-4515

MGASA-2015-0447

OPENSUSE-SU-2015_1942-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

USN-2785-1

Produtos afetados

Alt Linux

Firefox

Suse

Ubuntu

PT-2015-2643 · Mozilla+3 · Firefox+3

CVE-2015-4515

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2411