PT-2015-5859 · Mozilla+4 · Firefox+5

Jann Horn · Published 2015-07-02 · Updated 2024-12-12 · CVE-2015-2727

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox version 38.0
Mozilla Firefox ESR version 38.0

Description

The issue allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. This occurs due to a regression.

Recommendations

For Mozilla Firefox version 38.0, update to a version that resolves the regression issue. For Mozilla Firefox ESR version 38.0, update to a version that resolves the regression issue. As a temporary workaround, consider restricting access to crafted web sites to minimize the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CESA-2015_1207
CVE-2015-2727
OPENSUSE-SU-2015_1229-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2015:1207
RHSA-2015_1207
USN-2656-1
USN-2656-2

Affected Products

CentOS
Firefox
Firefox ESR
Red Hat
SUSE
Ubuntu