Overview
- Description
- The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.
- Source
- security@mozilla.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Known exploits
Data from CISA
- Vulnerability name
- Mozilla Firefox Security Feature Bypass Vulnerability
- Exploit added on
- May 25, 2022
- Exploit action due
- Jun 15, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D3F7936-F749-405E-90E9-790890AD15EA",
"versionEndExcluding": "39.0.3"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA9C810E-4264-4166-80AF-C088AB27025F",
"versionEndExcluding": "38.1.1",
"versionStartIncluding": "38.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82D6E428-7040-4708-857E-C2530DAB11B6",
"versionEndExcluding": "2.2"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"vulnerable": true,
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "967EC28A-607F-48F4-AD64-5E3041C768F0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A67A7B7A-998D-4B8C-8831-6E58406565FE"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8308AC4F-897E-4E43-9885-DF0762640770"
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D5900A25-FDD7-4900-BF7C-F3ECCB714D2B"
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58D3B6FD-B474-4B09-B644-A8634A629280"
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F892F1B0-514C-42F7-90AE-12ACDFDC1033"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67960FB9-13D1-4DEE-8158-31BF31BCBE6F"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB6476C7-03F2-4939-AB85-69AA524516D9"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "E534C201-BCC5-473C-AAA7-AAB97CEB5437"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*",
"vulnerable": true,
"matchCriteriaId": "2470C6E8-2024-4CF5-9982-CFF50E88EAE9"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55C5561F-BE86-4EEA-99D4-8697F8BD9DFE"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15FC9014-BD85-4382-9D04-C0703E901D7A"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F7F8866-DEAD-44D1-AB10-21EE611AA026"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1831D45A-EE6E-4220-8F8C-248B69520948"
}
],
"operator": "OR"
}
]
}
]