Published: 06/07/2015 Updated: 12/09/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

PDF.js in Mozilla Firefox prior to 39.0 and Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1 enables excessive privileges for internal Workers, which might allow remote malicious users to execute arbitrary code by leveraging a Same Origin Policy bypass.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox esr 38.0
mozilla firefox esr 31.1
mozilla firefox esr 31.3.0
mozilla firefox esr 31.1.1
mozilla firefox esr 31.7.0
mozilla firefox esr 31.5
mozilla firefox esr 31.6.0
mozilla firefox esr 31.3
mozilla firefox esr 31.5.3
mozilla firefox esr 31.5.1
mozilla firefox esr 31.1.0
mozilla firefox esr 31.2
mozilla firefox esr 31.4
mozilla firefox esr 31.0
mozilla firefox esr 31.5.2
oracle solaris 11.3
mozilla firefox
novell suse linux enterprise server 12.0
novell suse linux enterprise server 11
novell suse linux enterprise desktop 12.0
novell suse linux enterprise software development kit 12.0

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service This update also addresses a vulnerability in DHE key processing commonly known as the LogJam vul ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2015-69 Privilege escalation through internal workers Announced July 2, 2015 Reporter Jonas Jenwald Impact High Products Firefox, Firefox ESR, Firefox OS Fixed in ...

A flaw was discovered in Mozilla's PDFjs PDF file viewer When combined with another vulnerability, it could allow execution of arbitrary code with the privileges of the user running Firefox ...

CWE-17 https://bugzilla.mozilla.org/show_bug.cgi?id=1163109 http://www.mozilla.org/security/announce/2015/mfsa2015-69.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/75541 https://security.gentoo.org/glsa/201512-10 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2656-2 http://www.ubuntu.com/usn/USN-2656-1 http://www.securitytracker.com/id/1032783 http://www.debian.org/security/2015/dsa-3300 http://rhn.redhat.com/errata/RHSA-2015-1207.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html https://nvd.nist.gov https://www.debian.org/security/./dsa-3300 https://usn.ubuntu.com/2656-1/https://access.redhat.com/security/cve/cve-2015-2743

CVE-2015-2743

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect