Lucene search

[email protected]CVE-2015-4513

HistoryNov 05, 2015 - 5:59 a.m.

CVE-2015-4513

2015-11-0505:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-4513

mozilla firefox

denial of service

memory corruption

application crash

remote attack

arbitrary code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

10 High

AI Score

Confidence

High

0.06 Low

EPSS

Percentile

93.5%

JSON

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Affected configurations

NVD

Node

mozillafirefoxRange≤41.0.2

Node

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

mozillafirefox_esrMatch38.1.1

mozillafirefox_esrMatch38.2.0

mozillafirefox_esrMatch38.2.1

mozillafirefox_esrMatch38.3.0

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle41.0.2

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	41.0.2

References

lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

lists.opensuse.org/opensuse-updates/2015-12/msg00037.html

lists.opensuse.org/opensuse-updates/2015-12/msg00049.html

rhn.redhat.com/errata/RHSA-2015-1982.html

rhn.redhat.com/errata/RHSA-2015-2519.html

www.debian.org/security/2015/dsa-3393

www.debian.org/security/2015/dsa-3410

www.mozilla.org/security/announce/2015/mfsa2015-116.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/77411

www.securitytracker.com/id/1034069

www.ubuntu.com/usn/USN-2785-1

www.ubuntu.com/usn/USN-2819-1

bugzilla.mozilla.org/show_bug.cgi?id=1107011

bugzilla.mozilla.org/show_bug.cgi?id=1191942

bugzilla.mozilla.org/show_bug.cgi?id=1193038

bugzilla.mozilla.org/show_bug.cgi?id=1204580

bugzilla.mozilla.org/show_bug.cgi?id=1204669

bugzilla.mozilla.org/show_bug.cgi?id=1204700

bugzilla.mozilla.org/show_bug.cgi?id=1205707

bugzilla.mozilla.org/show_bug.cgi?id=1206564

bugzilla.mozilla.org/show_bug.cgi?id=1208665

bugzilla.mozilla.org/show_bug.cgi?id=1209471

bugzilla.mozilla.org/show_bug.cgi?id=1213979

security.gentoo.org/glsa/201512-10

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

10 High

AI Score

Confidence

High

0.06 Low

EPSS

Percentile

93.5%

JSON

Related for CVE-2015-4513

ubuntucve1 prion1 veracode10 cvelist1 nvd1 openvas32 mozilla1 nessus29 centos2 redhat2 mageia3 oraclelinux2 ubuntu2 suse5 debian2 archlinux1 freebsd1 kaspersky1 ibm2 gentoo1