PT-2015-2177 · Mozilla+5 · Firefox+6

Anne

+7

·

Published

2015-09-22

·

Updated

2024-12-12

·

CVE-2015-4519

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 41.0 Mozilla Firefox ESR versions 38.x prior to 38.3
Description The issue is related to a lack of protection for service data, allowing a remote attacker to bypass existing access restrictions and execute a redirect to a specified URL using specially crafted JavaScript code. This can be achieved when a user performs a drag-and-drop action of an image into a TEXTBOX element, allowing the attacker to discover the target URL of a redirect.
Recommendations For Mozilla Firefox versions prior to 41.0, update to version 41.0 or later to resolve the issue. For Mozilla Firefox ESR versions 38.x prior to 38.3, update to version 38.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of JavaScript code in the browser until a patch is applied.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2015-1816
ALT-PU-2016-1454
BDU:2015-11523
CESA-2015_1834
CESA-2015_1852
CVE-2015-4519
DSA-3365-1
MGASA-2015-0382
MGASA-2015-0387
MGASA-2015-0414
OPENSUSE-SU-2015_1658-1
OPENSUSE-SU-2015_1679-1
OPENSUSE-SU-2015_1681-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2015:1834
RHSA-2015:1852
RHSA-2015_1834
RHSA-2015_1852
SUSE-SU-2015:1680-1
SUSE-SU-2015:1703-1
USN-2743-1
USN-2743-2
USN-2743-3
USN-2743-4
USN-2754-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Ubuntu