CVE-2015-4483Mozilla Firefox vulnerability

CWE-2646 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 46.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxOpensuseOracle Solaris
Timeline
PublishedAug 16
Latest updateMay 14

Description

Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

Ubuntumozilla/firefox< 40.0+build4-0ubuntu0.14.04.4
NVDmozilla/firefox39.0.3
NVDoracle/solaris11.3
NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

3
GHSA
GHSA-9xhj-7vhh-97qx: Mozilla Firefox before 402022-05-14
OSV
CVE-2015-4483: Mozilla Firefox before 402015-08-16
CVEList
CVE-2015-4483: Mozilla Firefox before 402015-08-16

📋Vendor Advisories

1
Red Hat
Mozilla: Feed: protocol with POST bypasses mixed content protections (MFSA 2015-86)2015-08-11

💬Community

1
Bugzilla
CVE-2015-4483 Mozilla: Feed: protocol with POST bypasses mixed content protections (MFSA 2015-86)2015-08-11
CVE-2015-4483 — Mozilla Firefox vulnerability | cvebase