exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2015-4495

Status Candidate

Overview

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Related Files

Firefox PDF.js Browser File Theft
Posted Aug 31, 2024
Authored by temp66, fukusa | Site metasploit.com

This Metasploit module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses Javascript to render a PDF inside a frame with privileges to read local files. The in-the-wild malicious payloads searched for sensitive files on Windows, Linux, and OSX. Android versions are reported to be unaffected, as they do not use the Mozilla PDF viewer.

tags | exploit, arbitrary, local, javascript
systems | linux, windows, apple
advisories | CVE-2015-4495
SHA-256 | 51c57f3920e9435bf62bbd93f1635f5a4935408c0f9db23d25b25d8babebaaee
Firefox Same Origin Policy Bypass
Posted Aug 16, 2015
Authored by Bikash Dash

Proof of concept exploit that demonstrates how an attacker can bypass same-origin policy on Firefox and inject javascript into the built-in pdf reader.

tags | exploit, javascript, proof of concept
systems | linux
advisories | CVE-2015-4495
SHA-256 | e9d69781f8e3c5ddf17e4c6610f59bfd7290858f88e48f49405648523cc14a3d
Red Hat Security Advisory 2015-1581-01
Posted Aug 8, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1581-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer. An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files from the system running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-4495
SHA-256 | e0a232b17807350fc652a6b60a215e791b1a23fd269eedd3d1b9d511f297c55b
Ubuntu Security Notice USN-2707-1
Posted Aug 7, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2707-1 - Cody Crews discovered a way to violate the same-origin policy to inject script in to a non-privileged part of the PDF viewer. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to read sensitive information from local files.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2015-4495
SHA-256 | 454aadcc72ab27356bc6097291844b21c35e99f121004be9079deac843860748
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close