CVE-2015-2722

2015-07-0602:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2015-2722

use-after-free

vulnerability

mozilla firefox

xmlhttprequest object

remote code execution

4.9 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.045 Low

EPSS

Percentile

92.4%

JSON

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.

CPENameOperatorVersion
oracle:solarisoracle solariseq11.3
mozilla:firefox_esrmozilla firefox esreq38.0
mozilla:firefox_esrmozilla firefox esreq31.1
mozilla:firefox_esrmozilla firefox esreq31.3.0
mozilla:firefox_esrmozilla firefox esreq31.1.1
mozilla:firefox_esrmozilla firefox esreq31.7.0
mozilla:firefox_esrmozilla firefox esreq31.5
mozilla:firefox_esrmozilla firefox esreq31.6.0
mozilla:firefox_esrmozilla firefox esreq31.3
mozilla:firefox_esrmozilla firefox esreq31.5.3

CPE	Name	Operator	Version
oracle:solaris	oracle solaris	eq	11.3
mozilla:firefox_esr	mozilla firefox esr	eq	38.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.1
mozilla:firefox_esr	mozilla firefox esr	eq	31.3.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.1.1
mozilla:firefox_esr	mozilla firefox esr	eq	31.7.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.5
mozilla:firefox_esr	mozilla firefox esr	eq	31.6.0
mozilla:firefox_esr	mozilla firefox esr	eq	31.3
mozilla:firefox_esr	mozilla firefox esr	eq	31.5.3