Arbitrary File Reading and JavaScript Code Execution in Mozilla Firefox 38.0 and Firefox ESR 38.0

Arbitrary File Reading and JavaScript Code Execution in Mozilla Firefox 38.0 and Firefox ESR 38.0

CVE-2015-2727 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a CVE-2015-0821 regression.

Learn more about our Cis Benchmark Audit For Google Chrome.