Lucene search

K

[email protected]NVD:CVE-2015-2733

HistoryJul 06, 2015 - 2:01 a.m.

CVE-2015-2733

2015-07-0602:01:02

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

4.7 Medium

AI Score

Confidence

High

0.039 Low

EPSS

Percentile

92.0%

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.

Affected configurations

NVD

Node

mozillafirefoxRange≤38.1.0

Node

oraclesolarisMatch11.3

Node

mozillafirefox_esrMatch31.0

OR

mozillafirefox_esrMatch31.1

OR

mozillafirefox_esrMatch31.1.0

OR

mozillafirefox_esrMatch31.1.1

OR

mozillafirefox_esrMatch31.2

OR

mozillafirefox_esrMatch31.3

OR

mozillafirefox_esrMatch31.3.0

OR

mozillafirefox_esrMatch31.4

OR

mozillafirefox_esrMatch31.5

OR

mozillafirefox_esrMatch31.5.1

OR

mozillafirefox_esrMatch31.5.2

OR

mozillafirefox_esrMatch31.5.3

OR

mozillafirefox_esrMatch31.6.0

OR

mozillafirefox_esrMatch31.7.0

OR

mozillafirefox_esrMatch38.0

Node

novellsuse_linux_enterprise_desktopMatch11sp4

OR

novellsuse_linux_enterprise_desktopMatch12.0

OR

novellsuse_linux_enterprise_serverMatch12.0

References

lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

rhn.redhat.com/errata/RHSA-2015-1207.html

www.mozilla.org/security/announce/2015/mfsa2015-65.html

www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.securityfocus.com/bid/75541

www.securitytracker.com/id/1032783

www.securitytracker.com/id/1032784

www.ubuntu.com/usn/USN-2656-1

www.ubuntu.com/usn/USN-2656-2

bugzilla.mozilla.org/show_bug.cgi?id=1169867

security.gentoo.org/glsa/201512-10

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

4.7 Medium

AI Score

Confidence

High

0.039 Low

EPSS

Percentile

92.0%

Related for NVD:CVE-2015-2733

prion1 cvelist1 cve1 ubuntucve1 mozilla1 openvas20 nessus20 mageia1 veracode15 centos1 suse6 oraclelinux1 redhat1 archlinux1 kaspersky1 ubuntu2 securityvulns1 freebsd1 ibm2 gentoo1