PT-2015-5859 · Mozilla+4 · Firefox+5
Jann Horn · Published 2015-07-02 · Updated 2024-12-12 · CVE-2015-2727
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox version 38.0
Mozilla Firefox ESR version 38.0
Description
The issue allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. This occurs due to a regression.
Recommendations
For Mozilla Firefox version 38.0, update to a version that resolves the regression issue.
For Mozilla Firefox ESR version 38.0, update to a version that resolves the regression issue.
As a temporary workaround, consider restricting access to crafted web sites to minimize the risk of exploitation.
Exploit
Fix
RCE
Affected Products
CentOS
Firefox
Firefox ESR
Red Hat
SUSE
Ubuntu