https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4495

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4495

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4495

CWE-346

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html

http://rhn.redhat.com/errata/RHSA-2015-1581.html

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securityfocus.com/bid/76249

http://www.securitytracker.com/id/1033216

http://www.ubuntu.com/usn/USN-2707-1

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/

https://bugzilla.mozilla.org/show_bug.cgi?id=1178058

https://bugzilla.mozilla.org/show_bug.cgi?id=1179262

https://security.gentoo.org/glsa/201512-10

https://www.exploit-db.com/exploits/37772/

OR
     *cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* versions from (including) 38.0 from (excluding) 38.1.1

OR
     *cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions from (including) 38.0 from (excluding) 38.1.1

NIST AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

NIST NVD-CWE-noinfo

NIST CWE-200

OR
     *cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to (including) 39.0
     *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
     *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
     *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
     *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to (excluding) 39.0.3
     *cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* versions from (including) 38.0 up to (excluding) 38.1.1

OR
     *cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:* versions up to (including) 2.1.0

OR
     *cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:* versions up to (excluding) 2.2

OR
     *cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1:*:*:*:*:*:*
     *cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
     *cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
     *cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
     *cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
     *cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
     *cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
     *cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*

OR
     *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
     *cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
     *cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
     *cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
     *cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html Mailing List, Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html No Types Assigned

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html Mailing List, Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html Mailing List, Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html Mailing List, Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html No Types Assigned

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html Mailing List, Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html No Types Assigned

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html Mailing List, Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Patch, Third Party Advisory

http://www.securityfocus.com/bid/76249 Third Party Advisory, VDB Entry

http://www.securityfocus.com/bid/76249 Broken Link, Third Party Advisory, VDB Entry

http://www.securitytracker.com/id/1033216 Third Party Advisory, VDB Entry

http://www.securitytracker.com/id/1033216 Broken Link, Third Party Advisory, VDB Entry

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/ Vendor Advisory

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/ Issue Tracking, Vendor Advisory

https://security.gentoo.org/glsa/201512-10 No Types Assigned

https://security.gentoo.org/glsa/201512-10 Third Party Advisory

https://www.exploit-db.com/exploits/37772/ No Types Assigned

https://www.exploit-db.com/exploits/37772/ Exploit, Third Party Advisory, VDB Entry

OR
     *cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:novell:opensuse:13.1:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:novell:opensuse:13.2:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

https://www.exploit-db.com/exploits/37772/ [No Types Assigned]

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html [No Types Assigned]

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html [No Types Assigned]

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html [No Types Assigned]

https://security.gentoo.org/glsa/201512-10 [No Types Assigned]

Configuration 1
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.1:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.2:*:*:*:*:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:o:mozilla:firefox_os:2.1.0:*:*:*:*:*:*:* (and previous)

Configuration 1
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:o:mozilla:firefox_os:2.1.0:*:*:*:*:*:*:* (and previous)
Configuration 3
     OR
          *cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.1:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.2:*:*:*:*:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Configuration 4
     OR
          *cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html No Types Assigned

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html No Types Assigned

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html No Types Assigned

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1581.html No Types Assigned

http://rhn.redhat.com/errata/RHSA-2015-1581.html Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html No Types Assigned

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Third Party Advisory

http://www.securityfocus.com/bid/76249 No Types Assigned

http://www.securityfocus.com/bid/76249 Third Party Advisory, VDB Entry

http://www.securitytracker.com/id/1033216 No Types Assigned

http://www.securitytracker.com/id/1033216 Third Party Advisory, VDB Entry

http://www.ubuntu.com/usn/USN-2707-1 No Types Assigned

http://www.ubuntu.com/usn/USN-2707-1 Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1178058 No Types Assigned

https://bugzilla.mozilla.org/show_bug.cgi?id=1178058 Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1179262 No Types Assigned

https://bugzilla.mozilla.org/show_bug.cgi?id=1179262 Issue Tracking

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Vulnerabilidad en el lector de PDF en Mozilla Firefox en versiones anteriores a 39.0.3, Firefox ESR 38.x en versiones anteriores a 38.1.1 y Firefox OS en versiones anteriores a 2.2, permite a atacantes remotos eludir la Same Origin Policy y leer archivos arbitrarios u obtener privilegios a través de vectores que implican código JavaScript manipulado y un setter nativo, tal como se explotó activamente en agosto de 2015.

Vulnerabilidad en el lector de PDF en Mozilla Firefox en versiones anteriores a 39.0.3, Firefox ESR 38.x en versiones anteriores a 38.1.1 y Firefox OS en versiones anteriores a 2.2 permite a atacantes remotos eludir el Same Origin Policy y leer archivos arbitrarios u obtener privilegios, a través de vectores que implican código JavaScript manipulado y un setter nativo, tal y como se utilizó activamente en agosto de 2015.

Configuration 1
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:o:mozilla:firefox_os:2.1.0:*:*:*:*:*:*:* (and previous)

Configuration 1
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.1:*:*:*:*:*:*:*
          *cpe:2.3:o:novell:opensuse:13.2:*:*:*:*:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
          *cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:o:mozilla:firefox_os:2.1.0:*:*:*:*:*:*:* (and previous)

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html

http://rhn.redhat.com/errata/RHSA-2015-1581.html

http://www.securityfocus.com/bid/76249

http://www.securitytracker.com/id/1033216

http://www.ubuntu.com/usn/USN-2707-1

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

CWE-200

Configuration 1
     OR
          *cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:mozilla:firefox:39.0:*:*:*:*:*:*:* (and previous)
Configuration 2
     OR
          *cpe:2.3:o:mozilla:firefox_os:2.1.0:*:*:*:*:*:*:* (and previous)

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html No Types Assigned

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html Advisory

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/ No Types Assigned

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/ Advisory