CVE-2015-4483

2015-08-1601:59:11

CWE-264

mozilla

web.nvd.nist.gov

cve-2015-4483

mozilla firefox

mixed-content protection

feed: url

post request

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

59.8%

JSON

Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request.

Affected configurations

Nvd

Node

oraclesolarisMatch11.3

Node

mozillafirefoxRange≤39.0.3

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

VendorProductVersionCPE
oraclesolaris11.3cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
opensuseopensuse13.2cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	solaris	11.3	cpe:2.3:o:oracle:solaris:11.3:::::::*
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
opensuse	opensuse	13.2	cpe:2.3:o:opensuse:opensuse:13.2:::::::*