Lucene search
Mozilla FoundationMFSA2015-94HistoryAug 27, 2015 - 12:00 a.m.
Use-after-free when resizing canvas element during restyling — Mozilla
2015-08-2700:00:00
Mozilla Foundation
www.mozilla.org
42
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.187
Percentile
96.3%
Mozilla community member Jean-Max Reymond discovered a use-after-free vulnerability with a element on a page. This occurs when a resize event is triggered in concert with style changes but the canvas references have been recreated in the meantime, destroying the originally referenced context. This results in an exploitable crash.
Affected configurations
Node
mozillafirefoxRange<40.0.3
ORmozillafirefox_esrRange<38.2.1
ORmozillaseamonkeyRange<2.35
Related
openvas
openvas
Mozilla Firefox Security Advisory (MFSA2015-94) - Linux
2021-11-11 00:00:00
Mozilla Firefox ESR Multiple Vulnerabilities - Windows
2015-08-31 00:00:00
CentOS Update for firefox CESA-2015:1693 centos5
2015-08-28 00:00:00
prion
prion
Design/Logic Flaw
2015-08-29 19:59:00
cvelist
cvelist
CVE-2015-4497
2015-08-29 19:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:07:29
Denial Of Service (DoS)
2019-05-02 05:18:13
ubuntucve
ubuntucve
CVE-2015-4497
2015-08-27 00:00:00
zdi
zdi
nvd
nvd
CVE-2015-4497
2015-08-29 19:59:00
cve
cve
CVE-2015-4497
2015-08-29 19:59:00
osv
osv
iceweasel - security update
2015-08-29 00:00:00
MozillaFirefox-50.1.0-1.1 on GA media
2024-06-15 00:00:00
nessus
nessus
Firefox ESR < 38.2.1 Multiple Vulnerabilities (Mac OS X)
2015-08-28 00:00:00
Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1693)
2015-08-28 00:00:00
Firefox < 40.0.3 Multiple Vulnerabilities (Mac OS X)
2015-08-28 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Firefox, affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-4497, CVE-2015-4498)
2018-06-17 22:30:14
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified
2018-06-18 00:10:09
Security Bulletin: Mozilla Firefox vulnerability issues in IBM SONAS
2018-06-18 00:10:09
archlinux
archlinux
firefox: multiple issues
2015-08-28 00:00:00
centos
centos
firefox security update
2015-08-27 20:56:02
suse
suse
Security update for MozillaFirefox (important)
2015-09-07 14:09:39
Security update for MozillaFirefox, mozilla-nss (important)
2015-09-02 12:10:07
Security update for Mozilla Firefox (important)
2015-11-23 22:10:12
mageia
mageia
Updated firefox package fixes security vulnerability
2015-08-29 10:53:07
debian
debian
[SECURITY] [DSA 3345-1] iceweasel security update
2015-08-29 04:45:33
[SECURITY] [DSA 3345-1] iceweasel security update
2015-08-29 04:45:33
kaspersky
kaspersky
KLA10654 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
2015-08-27 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2015-08-27 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2015-08-27 00:00:00
redhat
redhat
(RHSA-2015:1693) Critical: firefox security update
2015-08-27 00:00:00
oraclelinux
oraclelinux
firefox security update
2015-08-27 00:00:00
securityvulns
securityvulns
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.187
Percentile
96.3%
Related for MFSA2015-94