Immunity Canvas: FIREFOX_PDFJS_FILEREADER

2015-08-0800:59:00

Immunity Canvas

exploitlist.immunityinc.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.967 High

EPSS

Percentile

99.5%

JSON

Name	firefox_pdfjs_filereader
CVE	CVE-2015-4495 Exploit Pack
VENDOR: Mozilla
NOTES:
Tested on:
Ubuntu 14.04.3 LTS
Firefox 39.0

Under the Response tab of ClientD main window, the option “Respond directly with
exploit” must be selected. Modify PROPERTY[‘RETRY_COUNT’] to change the number
of times the exploit will try to download a given file. PROPERTY[‘EXFIL_TIMEOUT_MSECS’]
is the number of milliseconds before the exploit server is polled for a new file. Any
file in the process of being exfiled by the client will be lost, which is why there are
retries.

NOTE:

References: https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4495
Date public: 08/06/2015