Lucene search

[email protected]CVE-2015-2718

HistoryMay 14, 2015 - 10:59 a.m.

CVE-2015-2718

2015-05-1410:59:11

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-2718

webchannel.jsm

mozilla firefox

same origin policy

remote attackers

sensitive data

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data.

Affected configurations

NVD

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

mozillafirefoxRange≤37.0.2

CPENameOperatorVersion
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2

References

lists.opensuse.org/opensuse-updates/2015-05/msg00036.html

www.mozilla.org/security/announce/2015/mfsa2015-56.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/74611

www.ubuntu.com/usn/USN-2602-1

bugzilla.mozilla.org/show_bug.cgi?id=1146724

security.gentoo.org/glsa/201605-06

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for CVE-2015-2718

cvelist1 mozilla1 nvd1 ubuntucve1 prion1 openvas5 ubuntu1 nessus8 archlinux1 securityvulns1 freebsd1 kaspersky1 mageia1 gentoo1