Lucene search

[email protected]CVE-2015-2715

HistoryMay 14, 2015 - 10:59 a.m.

CVE-2015-2715

2015-05-1410:59:00

CWE-362

[email protected]

web.nvd.nist.gov

cve

2015

2715

race condition

mozilla firefox

remote attackers

arbitrary code

denial of service

use-after-free

heap memory corruption

media decoder thread

9.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown.

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle37.0.2
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	37.0.2
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2

References

lists.opensuse.org/opensuse-updates/2015-05/msg00036.html

www.mozilla.org/security/announce/2015/mfsa2015-53.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/74611

www.ubuntu.com/usn/USN-2602-1

bugzilla.mozilla.org/show_bug.cgi?id=988698

security.gentoo.org/glsa/201605-06

9.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.044 Low

EPSS

Percentile

92.3%

JSON

Related for CVE-2015-2715

ubuntucve1 prion1 mozilla1 openvas5 archlinux1 nessus8 ubuntu1 kaspersky1 securityvulns1 freebsd1 mageia1 gentoo1