Firefox vulnerabilities

2015-08-2700:00:00

ubuntu.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

AI Score

Confidence

High

0.245 Low

EPSS

Percentile

96.7%

JSON

Releases

Ubuntu 15.04
Ubuntu 14.04 ESM
Ubuntu 12.04

Packages

firefox - Mozilla Open Source web browser

Details

A use-after-free was discovered when resizing a canvas element during
restyling in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox. (CVE-2015-4497)

Bas Venis discovered that the addon install permission prompt could be
bypassed using data: URLs in some circumstances. It was also discovered
that the installation notification could be made to appear over another
site. If a user were tricked in to opening a specially crafted website, an
attacker could potentially exploit this to install a malicious addon.
(CVE-2015-4498)

OSVersionArchitecturePackageVersionFilename
Ubuntu15.04noarchfirefox< 40.0.3+build1-0ubuntu0.15.04.1UNKNOWN
Ubuntu15.04noarchfirefox-dbg< 40.0.3+build1-0ubuntu0.15.04.1UNKNOWN
Ubuntu15.04noarchfirefox-dbgsym< 40.0.3+build1-0ubuntu0.15.04.1UNKNOWN
Ubuntu15.04noarchfirefox-dev< 40.0.3+build1-0ubuntu0.15.04.1UNKNOWN
Ubuntu15.04noarchfirefox-globalmenu< 40.0.3+build1-0ubuntu0.15.04.1UNKNOWN
Ubuntu15.04noarchfirefox-locale-af< 40.0.3+build1-0ubuntu0.15.04.1UNKNOWN
Ubuntu15.04noarchfirefox-locale-an< 40.0.3+build1-0ubuntu0.15.04.1UNKNOWN
Ubuntu15.04noarchfirefox-locale-ar< 40.0.3+build1-0ubuntu0.15.04.1UNKNOWN
Ubuntu15.04noarchfirefox-locale-as< 40.0.3+build1-0ubuntu0.15.04.1UNKNOWN
Ubuntu15.04noarchfirefox-locale-ast< 40.0.3+build1-0ubuntu0.15.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	15.04	noarch	firefox	< 40.0.3+build1-0ubuntu0.15.04.1	UNKNOWN
Ubuntu	15.04	noarch	firefox-dbg	< 40.0.3+build1-0ubuntu0.15.04.1	UNKNOWN
Ubuntu	15.04	noarch	firefox-dbgsym	< 40.0.3+build1-0ubuntu0.15.04.1	UNKNOWN
Ubuntu	15.04	noarch	firefox-dev	< 40.0.3+build1-0ubuntu0.15.04.1	UNKNOWN
Ubuntu	15.04	noarch	firefox-globalmenu	< 40.0.3+build1-0ubuntu0.15.04.1	UNKNOWN
Ubuntu	15.04	noarch	firefox-locale-af	< 40.0.3+build1-0ubuntu0.15.04.1	UNKNOWN
Ubuntu	15.04	noarch	firefox-locale-an	< 40.0.3+build1-0ubuntu0.15.04.1	UNKNOWN
Ubuntu	15.04	noarch	firefox-locale-ar	< 40.0.3+build1-0ubuntu0.15.04.1	UNKNOWN
Ubuntu	15.04	noarch	firefox-locale-as	< 40.0.3+build1-0ubuntu0.15.04.1	UNKNOWN
Ubuntu	15.04	noarch	firefox-locale-ast	< 40.0.3+build1-0ubuntu0.15.04.1	UNKNOWN