[email protected]CVE-2015-4507

HistorySep 24, 2015 - 4:59 a.m.

CVE-2015-4507

2015-09-2404:59:10

[email protected]

web.nvd.nist.gov

cve-2015-4507

savedstacks class

javascript

mozilla firefox

denial of service

remote attackers

execute arbitrary code

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.9%

JSON

The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site.

Affected configurations

NVD

Node

mozillafirefoxRange≤40.0.3

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle40.0.3

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	40.0.3

References

lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html

www.mozilla.org/security/announce/2015/mfsa2015-102.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.securityfocus.com/bid/76815

www.securitytracker.com/id/1033640

www.ubuntu.com/usn/USN-2743-1

www.ubuntu.com/usn/USN-2743-2

www.ubuntu.com/usn/USN-2743-3

www.ubuntu.com/usn/USN-2743-4

bugzilla.mozilla.org/show_bug.cgi?id=1192401

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.017 Low

EPSS

Percentile

87.9%

JSON

Related for CVE-2015-4507

cvelist1 openvas10 mozilla1 nvd1 prion1 ubuntucve1 nessus9 archlinux1 ubuntu4 mageia1 suse2 kaspersky2 freebsd1 securityvulns1