CVE-2015-2718

2015-05-1300:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.003

Percentile

68.2%

JSON

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote
attackers to bypass the Same Origin Policy and obtain sensitive
webchannel-response data via a crafted web site containing an IFRAME
element referencing a different web site that is intended to read this
data.

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchfirefox< 38.0+build3-0ubuntu0.12.04.1UNKNOWN
ubuntu14.04noarchfirefox< 38.0+build3-0ubuntu0.14.04.1UNKNOWN
ubuntu14.10noarchfirefox< 38.0+build3-0ubuntu0.14.10.1UNKNOWN
ubuntu15.04noarchfirefox< 38.0+build3-0ubuntu0.15.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	12.04	noarch	firefox	< 38.0+build3-0ubuntu0.12.04.1	UNKNOWN
ubuntu	14.04	noarch	firefox	< 38.0+build3-0ubuntu0.14.04.1	UNKNOWN
ubuntu	14.10	noarch	firefox	< 38.0+build3-0ubuntu0.14.10.1	UNKNOWN
ubuntu	15.04	noarch	firefox	< 38.0+build3-0ubuntu0.15.04.1	UNKNOWN