CVE-2015-4495 — Mozilla Firefox

Mozilla Firefox Security Feature Bypass Vulnerability

Added to KEV

2022-05-25

Federal due date

2022-06-15

Vendor

Mozilla

Product

Firefox

EPSS

98.7th percentile (score 0.716, as of 2026-06-08)

NVD CVSS v3.1

—

Ransomware use

Unknown

Upstream

https://nvd.nist.gov/vuln/detail/CVE-2015-4495

CISA short description

Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.

Required action

Apply updates per vendor instructions.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.