CVE-2015-4476

Upstream information

CVE-2015-4476 at MITRE

Description

Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	None
Integrity Impact	Partial
Availability Impact	None

SUSE Bugzilla entry: 947003 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2015:1658-1, published Thu, 1 Oct 2015 10:09:18 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Module for Desktop Applications 15 SP1	`MozillaFirefox >= 60.6.2-3.32.1` `MozillaFirefox-devel >= 60.6.2-3.32.1` `MozillaFirefox-translations-common >= 60.6.2-3.32.1` `MozillaFirefox-translations-other >= 60.6.2-3.32.1`
SUSE Linux Enterprise Module for Desktop Applications 15 SP2	`MozillaFirefox >= 68.8.0-3.87.1` `MozillaFirefox-devel >= 68.8.0-3.87.1` `MozillaFirefox-translations-common >= 68.8.0-3.87.1` `MozillaFirefox-translations-other >= 68.8.0-3.87.1`
SUSE Linux Enterprise Module for Desktop Applications 15	`MozillaFirefox >= 52.7.3-1.35` `MozillaFirefox-devel >= 52.7.3-1.35` `MozillaFirefox-translations-common >= 52.7.3-1.35` `MozillaFirefox-translations-other >= 52.7.3-1.35`
openSUSE 13.1	`MozillaFirefox >= 41.0-88.1` `MozillaFirefox-branding-upstream >= 41.0-88.1` `MozillaFirefox-buildsymbols >= 41.0-88.1` `MozillaFirefox-debuginfo >= 41.0-88.1` `MozillaFirefox-debugsource >= 41.0-88.1` `MozillaFirefox-devel >= 41.0-88.1` `MozillaFirefox-translations-common >= 41.0-88.1` `MozillaFirefox-translations-other >= 41.0-88.1`	Patchnames: openSUSE-2015-619
openSUSE Leap 15.0	`MozillaFirefox >= 60.0-lp150.2.2` `MozillaFirefox-translations-common >= 60.0-lp150.2.2` `MozillaFirefox-translations-other >= 60.0-lp150.2.2`	Patchnames: openSUSE Leap 15.0 GA MozillaFirefox
openSUSE Leap 42.1	`MozillaFirefox >= 41.0.2-1.2` `MozillaFirefox-translations-common >= 41.0.2-1.2`	Patchnames: openSUSE Leap 42.1 GA MozillaFirefox
openSUSE Leap 42.2	`MozillaFirefox >= 49.0.2-37.1` `MozillaFirefox-translations-common >= 49.0.2-37.1`	Patchnames: openSUSE Leap 42.2 GA MozillaFirefox
openSUSE Leap 42.3	`MozillaFirefox >= 52.2-58.2` `MozillaFirefox-translations-common >= 52.2-58.2`	Patchnames: openSUSE Leap 42.3 GA MozillaFirefox
openSUSE Tumbleweed	`MozillaFirefox >= 50.1.0-1.1` `MozillaFirefox-branding-upstream >= 50.1.0-1.1` `MozillaFirefox-buildsymbols >= 50.1.0-1.1` `MozillaFirefox-devel >= 50.1.0-1.1` `MozillaFirefox-translations-common >= 50.1.0-1.1` `MozillaFirefox-translations-other >= 50.1.0-1.1`	Patchnames: openSUSE Tumbleweed GA MozillaFirefox