Lucene search

K
cvelistMozillaCVELIST:CVE-2015-0804
HistoryApr 01, 2015 - 10:00 a.m.

CVE-2015-0804

2015-04-0110:00:00
mozilla
www.cve.org

9.5 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element.

9.5 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%