CVE-2015-4515Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information Exposure7 documents6 sources
Severity
4.3MEDIUMNVD
OSV7.5
EPSS
0.4%
top 36.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedNov 5
Latest updateMay 17

Description

Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Ubuntumozilla/firefox< 42.0+build2-0ubuntu0.14.04.1
NVDmozilla/firefox41.0.2

🔴Vulnerability Details

3
GHSA
GHSA-vm6c-fx3m-m9w4: Mozilla Firefox before 422022-05-17
OSV
firefox vulnerabilities2015-11-04
OSV
CVE-2015-4515: Mozilla Firefox before 422015-11-04

📋Vendor Advisories

2
Ubuntu
Firefox vulnerabilities2015-11-04
Red Hat
Mozilla: Information disclosure through NTLM authentication (MFSA 2015-117)2015-11-04

💬Community

1
Bugzilla
CVE-2015-4515 Mozilla: Information disclosure through NTLM authentication (MFSA 2015-117)2015-11-03