What is CVE-2015-2743?

CVE-2015-2743 is a vulnerability in Mozilla Firefox, classified under CWE-17. Published 2015-07-06.

Is CVE-2015-2743 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mozilla Firefox

CVE-2015-2743

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy…

EPSS: 0.011 (78.1th percentile) — read the EPSS interpretation.

Affected products

Mozilla Firefox — versions 31.0, 31.1.0, 31.1.1
Mozilla Firefox_esr — versions 31.1, 31.2, 31.3
Novell Suse_linux_enterprise_desktop — versions 12.0
Novell Suse_linux_enterprise_server — versions 11, 12.0
Novell Suse_linux_enterprise_software_development_kit — versions 12.0
Oracle Solaris — versions 11.3
N/a — versions n/a

Weakness classification (CWE)

CWE-17

Public proof-of-concept exploits

pyllyukko/user.js

References

openSUSE-SU-2015:1229 (vendor-advisory, x_refsource_SUSE)
SUSE-SU-2015:1268 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
GLSA-201512-10 (vendor-advisory, x_refsource_GENTOO)
75541 (vdb-entry, x_refsource_BID)
security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
RHSA-2015:1207 (x_refsource_REDHAT, vendor-advisory)
SUSE-SU-2015:1269 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
openSUSE-SU-2015:1266 (vendor-advisory, x_refsource_SUSE)
security@mozilla.org (x_refsource_CONFIRM, Vendor Advisory)
security@mozilla.org (x_refsource_CONFIRM, Issue Tracking)

Frequently asked questions

What is CVE-2015-2743?: CVE-2015-2743 is a vulnerability in Mozilla Firefox, classified under CWE-17. Published 2015-07-06.
Is CVE-2015-2743 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.