Lucene search

K

PRIOn knowledge basePRION:CVE-2015-4478

HistoryAug 16, 2015 - 1:59 a.m.

Design/Logic Flaw

2015-08-1601:59:00

PRIOn knowledge base

www.prio-n.com

5

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.4%

Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq14.04
ubuntu_linuxeq15.04
firefoxle39.0.3
firefox_esreq38.0
firefox_esreq38.1.0
firefox_esreq38.0.5
firefox_esreq38.0.1
opensuseeq13.1
opensuseeq13.2

References

lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

lists.opensuse.org/opensuse-updates/2015-08/msg00030.html

lists.opensuse.org/opensuse-updates/2015-08/msg00031.html

rhn.redhat.com/errata/RHSA-2015-1586.html

www.debian.org/security/2015/dsa-3333

www.mozilla.org/security/announce/2015/mfsa2015-82.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securitytracker.com/id/1033247

www.ubuntu.com/usn/USN-2702-1

www.ubuntu.com/usn/USN-2702-2

www.ubuntu.com/usn/USN-2702-3

bugzilla.mozilla.org/show_bug.cgi?id=1105914

security.gentoo.org/glsa/201605-06

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.4%

Related for PRION:CVE-2015-4478

cve1 mozilla1 ubuntucve1 openvas23 cvelist1 nessus23 debian1 veracode9 redhat1 oraclelinux1 suse6 mageia1 centos1 kaspersky1 ubuntu3 freebsd1 archlinux1 ibm3 securityvulns1 gentoo1