CVE-2015-2743
Last modified
CVE-2015-2743 is a vulnerability of currently unknown severity. PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.. EPSS estimates a 4.93% chance of exploitation in the next 30 days.
Description
PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mozilla | Firefox | 31.0 | — |
| Mozilla | Firefox | 31.1.0 | — |
| Mozilla | Firefox | 31.1.1 | — |
| Mozilla | Firefox | 31.3.0 | — |
| Mozilla | Firefox | 31.5.1 | — |
| Mozilla | Firefox | 31.5.2 | — |
| Mozilla | Firefox | 31.5.3 | — |
| Mozilla | Firefox | 38.0 | — |
| Mozilla | Firefox Esr | 31.1 | — |
| Mozilla | Firefox Esr | 31.2 | — |
| Mozilla | Firefox Esr | 31.3 | — |
| Mozilla | Firefox Esr | 31.4 | — |
| Mozilla | Firefox Esr | 31.5 | — |
| Mozilla | Firefox Esr | 31.6.0 | — |
| Mozilla | Firefox Esr | 31.7.0 | — |
| Oracle | Solaris | 11.3 | — |
| Mozilla | Firefox | <= 38.1.0 | — |
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 | — |
| Novell | Suse Linux Enterprise Desktop | 12.0 | — |
| Novell | Suse Linux Enterprise Server | 11 | Sp4 |
| Novell | Suse Linux Enterprise Server | 12.0 | — |
References
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlThird Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1163109Issue Tracking
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlThird Party Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1163109Issue Tracking
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-2743?
How severe is CVE-2015-2743?
How do I fix CVE-2015-2743?
Are you affected by CVE-2015-2743?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST