Lucene search

[email protected]CVE-2015-4487

HistoryAug 16, 2015 - 1:59 a.m.

CVE-2015-4487

2015-08-1601:59:15

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-4487

mozilla firefox

memory corruption

denial of service

nvd

overflow

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.053 Low

EPSS

Percentile

93.1%

JSON

The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an “overflow.”

Affected configurations

NVD

Node

mozillafirefoxRange≤39.0.3

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

mozillafirefox_osRange≤2.1.0

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

oraclesolarisMatch11.3

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle39.0.3
mozilla:firefox_esrmozilla firefox esreq38.0
mozilla:firefox_esrmozilla firefox esreq38.0.1
mozilla:firefox_esrmozilla firefox esreq38.0.5
mozilla:firefox_esrmozilla firefox esreq38.1.0
mozilla:firefox_osmozilla firefox osle2.1.0

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	39.0.3
mozilla:firefox_esr	mozilla firefox esr	eq	38.0
mozilla:firefox_esr	mozilla firefox esr	eq	38.0.1
mozilla:firefox_esr	mozilla firefox esr	eq	38.0.5
mozilla:firefox_esr	mozilla firefox esr	eq	38.1.0
mozilla:firefox_os	mozilla firefox os	le	2.1.0