CVE-2015-4495

CVE Database · CVE-2015-4495

CVE-2015-4495

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

70.23%

Published

Aug 7, 2015

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-05-25 · Due: 2022-06-15

Apply updates per vendor instructions.

Public PoC / Exploit (3)

All weaponized →

Exploit-DBMozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy TrickestTrickest PoC index GitHub PoCvincd/CVE-2015-4495★1

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-346

Affected Products (49)

mozilla · firefox (up to 39.0.3)vulnerable

mozilla · firefox (up to 38.1.1)vulnerable

mozilla · firefox_os (up to 2.2)vulnerable

oracle · solarisvulnerable

canonical · ubuntu_linuxvulnerable

redhat · enterprise_linux_desktopvulnerable

· enterprise_linux_desktop