Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-4498

Опубликовано: 29 авг. 2015
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5

Описание

The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.

РелизСтатусПримечание
devel

released

40.0.3+build1-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [40.0.3+build1-0ubuntu0.14.04.1]]
precise

released

40.0.3+build1-0ubuntu0.12.04.1
trusty

released

40.0.3+build1-0ubuntu0.14.04.1
trusty/esm

DNE

trusty was released [40.0.3+build1-0ubuntu0.14.04.1]
upstream

released

40.0.3
vivid

released

40.0.3+build1-0ubuntu0.15.04.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 68%
0.00576
Низкий

7.5 High

CVSS2

Связанные уязвимости

redhat логотип

CVE-2015-4498

redhat
около 10 лет назад

The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.

nvd логотип

CVE-2015-4498

nvd
почти 10 лет назад

The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.

debian логотип

CVE-2015-4498

debian
почти 10 лет назад

The add-on installation feature in Mozilla Firefox before 40.0.3 and F ...

github логотип

GHSA-9xmm-8mw4-qgc6

github
больше 3 лет назад

The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.

fstec логотип

BDU:2015-11312

fstec
около 10 лет назад

Уязвимость браузеров Firefox и Firefox ESR, позволяющая нарушителю обойти процедуру подтверждения действий пользователем при установке обновления

EPSS

Процентиль: 68%
0.00576
Низкий

7.5 High

CVSS2