CVE-2015-2743 — Execution with Unnecessary Privileges in Mozilla Firefox

CWE-17 CWE-250 — Execution with Unnecessary Privileges10 documents7 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Novell Suse Linux Enterprise Desktop +3 more

Timeline

PublishedJul 6

Latest updateMay 17

Description

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages7 packages

▶Ubuntumozilla/firefox< 39.0+build5-0ubuntu0.14.04.1

▶NVDmozilla/firefox38.1.0+8

▶NVDmozilla/firefox_esr7 versions+6

▶NVDoracle/solaris11.3

▶NVDnovell/suse_linux_enterprise_server11, 12.0+1

🔴Vulnerability Details

GHSA

GHSA-mqxq-gfh9-3ffc: PDF↗2022-05-17

▶

OSV

firefox regression↗2015-10-05

▶

OSV

ubufox update↗2015-09-22

▶

CVEList

CVE-2015-2743: PDF↗2015-07-06

▶

OSV

CVE-2015-2743: PDF↗2015-07-05

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2015-07-15

▶

Ubuntu

Firefox vulnerabilities↗2015-07-09

▶

Red Hat

Mozilla: Privilege escalation through internal workers (MFSA 2015-69)↗2015-07-02

▶

💬Community

Bugzilla

CVE-2015-2743 Mozilla: Privilege escalation through internal workers (MFSA 2015-69)↗2015-06-30

▶