Vendor: Firefox
By: Unknown
CVSS: 7.5 (HIGH)
pdf.js same origin policy exploit
CWE: Unknown
Product Name: Firefox
Affected Version From: Before 39.0.3
Affected Version To: 39.0.3 and earlier
Patch Exists: YES
Related CWE: CVE-2015-4495
CPE: a:mozilla:firefox
Metasploit:
https://www.rapid7.com/db/vulnerabilities/freebsd-vid-8eee06d4-c21d-4f07-a669-455151ff426f/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2015-1581/, https://www.rapid7.com/db/vulnerabilities/mfsa2015-78-cve-2015-4495/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2015-4495/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2015-4495/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2015-4495/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2015-4495/
Platforms Tested: Linux, Mac
2014
Firefox < 39.0.3 pdf.js same origin policy exploit
This exploit allows an attacker to read and copy information on a victim's computer when they view a website crafted with this exploit. The exploit works on Firefox versions before 39.0.3.
Mitigation:
Upgrade to the latest version of Firefox (> 39.0.3).