CVE-2015-2727

2015-07-0602:00:58

CWE-20

mozilla

web.nvd.nist.gov

cve-2015-2727

mozilla firefox

firefox esr

remote attackers

arbitrary files

javascript code

chrome privileges

web security

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

4.9

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression.

Affected configurations

Nvd

Node

mozillafirefoxMatch38.0

mozillafirefox_esrMatch38.0

VendorProductVersionCPE
mozillafirefox38.0cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
mozillafirefox_esr38.0cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*