CVE-2015-4495 | Vulnerability Database | Aqua Security

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	*	39.0.3 (excluding)
Firefox_esr	Mozilla	38.0 (including)	38.1.1 (excluding)
Red Hat Enterprise Linux 5	RedHat	firefox-0:38.1.1-1.el5_11	*
Red Hat Enterprise Linux 6	RedHat	firefox-0:38.1.1-1.el6_7	*
Red Hat Enterprise Linux 7	RedHat	firefox-0:38.1.1-1.ael7b_1	*
Firefox	Ubuntu	devel	*
Firefox	Ubuntu	precise	*
Firefox	Ubuntu	trusty	*
Firefox	Ubuntu	upstream	*
Firefox	Ubuntu	vivid	*

References

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
http://rhn.redhat.com/errata/RHSA-2015-1581.html
http://www.mozilla.org/security/announce/2015/mfsa2015-78.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securityfocus.com/bid/76249
http://www.securitytracker.com/id/1033216
http://www.ubuntu.com/usn/USN-2707-1
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
https://bugzilla.mozilla.org/show_bug.cgi?id=1178058
https://bugzilla.mozilla.org/show_bug.cgi?id=1179262
https://security.gentoo.org/glsa/201512-10
https://www.exploit-db.com/exploits/37772/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-4495
CWE	https://cwe.mitre.org/data/definitions/.html