CVE-2015-2727Improper Input Validation in Mozilla Firefox

CWE-20Improper Input Validation8 documents6 sources
Severity
6.8MEDIUMNVD
OSV4.3
EPSS
1.1%
top 22.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedJul 6
Latest updateMay 17

Description

Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Ubuntumozilla/firefox< 39.0+build5-0ubuntu0.14.04.1
NVDmozilla/firefox38.0

🔴Vulnerability Details

3
GHSA
GHSA-xq4h-hmq6-ghrv: Mozilla Firefox 382022-05-17
OSV
firefox vulnerabilities2015-07-09
OSV
CVE-2015-2727: Mozilla Firefox 382015-07-05

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2015-07-15
Ubuntu
Firefox vulnerabilities2015-07-09
Red Hat
Mozilla: Local files or privileged URLs in pages can be opened into new tabs (MFSA 2015-60)2015-07-02

💬Community

1
Bugzilla
CVE-2015-2727 Mozilla: Local files or privileged URLs in pages can be opened into new tabs (MFSA 2015-60)2015-06-30