CVE-2015-4495

Exp

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Published: 2015-08-08 Last update: 2026-04-22 Assigner: [email protected] Source: [email protected]
NVD Status:AnalyzedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2015-4495 is rated Critical Active Threat (96.4/100): CVSS High severity, with high exploitation likelihood (EPSS 71.57%, 99th percentile). CISA KEV confirms active exploitation (added 2022-05-25) affecting Mozilla / Firefox. a weakness (CWE-346) Unauthenticated remote administrative access may be possible. EPSS rose +1.64% over the last day, indicating growing attacker interest. The CISA remediation deadline has passed—treat as an emergency patch priority.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

CISA KEV Record for CVE-2015-4495

Name: Mozilla Firefox Security Feature Bypass Vulnerability · CISA KEV detail

Exploit added: 2022-05-25

Action due: 2022-06-15

Required action: Apply updates per vendor instructions.

Public exploit references (Exploit-DB) for CVE-2015-4495

EDB-ID Source Kind Published Link
37772 exploit_db edb 2015-08-15 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2015-4495

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-10-17 69.92% 71.57% +1.64%
2 2025-08-06 66.54% 69.92% +3.38%
3 2025-07-30 66.54%

Full EPSS history (18 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2015-4495

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
8.8 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:R)
A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.8 5.9 [email protected]
8.8 3.1 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:N)
Could be attacked over the internet or any normal routed network—not just someone sitting at the machine.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:R)
A real person has to do something—click, install, enable—otherwise it doesn’t land.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.8 5.9 134c704f-9b21-4f2e-91b3-4a467353bcc0
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:N)
No availability impact.
 8.6 2.9 [email protected]

Weakness enumeration for CVE-2015-4495

OS Trackers for CVE-2015-4495

vendor priority summary link
debian not yet assigned CVE-2015-4495 not yet assigned priority: Debian including 1 source packages (pdf.js), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2015-4495
gentoo normal CVE-2015-4495: 1 GLSA(s) (201512-10), 4 atom(s) (mail-client/thunderbird, mail-client/thunderbird-bin, www-client/firefox, www-client/firefox-bin); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2015-4495
redhat high https://access.redhat.com/security/cve/CVE-2015-4495
suse high CVE-2015-4495 severity important: SUSE including 128 source package names (MozillaFirefox-102.11.0-150200.152.87.1, MozillaFirefox-115.10.0-150200.152.134.1, …), 319 product×package rows across 69 product lines (Image SLES12-SP5-Azure-BYOS, Image SLES12-SP5-Azure-Basic-On-Demand, … (69 product lines)): Fixed 301, Known Not Affected 18. https://www.suse.com/security/cve/CVE-2015-4495/
ubuntu medium CVE-2015-4495 medium priority: Ubuntu including 1 source packages (firefox), 4 status rows across 4 suites (precise, trusty, upstream, vivid): released 4. https://ubuntu.com/security/CVE-2015-4495

Affected software / configurations for CVE-2015-4495

Vendor Product Version Raw CPE
mozilla firefox < 39.0.3 cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
mozilla firefox >= 38.0, < 38.1.1 cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
mozilla firefox_os < 2.2 cpe:2.3:o:mozilla:firefox_os:*:*:*:*:*:*:*:*
oracle solaris 11.3 cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
canonical ubuntu_linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
canonical ubuntu_linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonical ubuntu_linux 15.04 cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 5.0 cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 6.0 cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_desktop 7.0 cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhat enterprise_linux_eus 6.7 cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.1 cpe:2.3:o:redhat:enterprise_linux_eus:7.1:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.2 cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.3 cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.4 cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.5 cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.6 cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_eus 7.7 cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
redhat enterprise_linux_server 5.0 cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
redhat enterprise_linux_server 6.0 cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_server 7.0 cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.4 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_server_aus 7.7 cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
redhat enterprise_linux_server_tus 7.3 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
redhat enterprise_linux_server_tus 7.6 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
redhat enterprise_linux_server_tus 7.7 cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 5.0 cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 6.0 cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
redhat enterprise_linux_workstation 7.0 cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
suse linux_enterprise_debuginfo 11 cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp1:*:*:*:*:*:*
suse linux_enterprise_debuginfo 11 cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*
suse linux_enterprise_debuginfo 11 cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
suse linux_enterprise_debuginfo 11 cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
opensuse opensuse 13.1 cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
opensuse opensuse 13.2 cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
suse linux_enterprise_desktop 11 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
suse linux_enterprise_desktop 11 cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
suse linux_enterprise_desktop 12 cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
suse linux_enterprise_server 11 cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
suse linux_enterprise_server 12 cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
suse linux_enterprise_software_development_kit 11 cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
suse linux_enterprise_software_development_kit 11 cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
suse linux_enterprise_software_development_kit 12 cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*

References for CVE-2015-4495

URL Tags
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1581.html Third Party Advisory
http://www.mozilla.org/security/announce/2015/mfsa2015-78.html Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html Patch Third Party Advisory
http://www.securityfocus.com/bid/76249 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033216 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2707-1 Third Party Advisory
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/ Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1178058 Issue Tracking
https://bugzilla.mozilla.org/show_bug.cgi?id=1179262 Issue Tracking
https://security.gentoo.org/glsa/201512-10 Third Party Advisory
https://www.exploit-db.com/exploits/37772/ Exploit Third Party Advisory VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-4495 US Government Resource
cvelogic Threat Intelligence