Lucene search

K

Ubuntu.comUB:CVE-2015-0828

HistoryFeb 25, 2015 - 12:00 a.m.

CVE-2015-0828

2015-02-2500:00:00

ubuntu.com

ubuntu.com

13

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

83.2%

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in
Mozilla Firefox before 36.0, when a nonstandard memory allocator is used,
allows remote attackers to execute arbitrary code or cause a denial of
service (heap memory corruption) via crafted JavaScript code that makes an
XMLHttpRequest call with zero bytes of data.

Notes

Author	Note
chrisccoulson	Doesn’t affect builds that use jemalloc

References

www.mozilla.org/security/announce/2015/mfsa2015-18.html

bugzilla.mozilla.org/show_bug.cgi?id=1030667

bugzilla.mozilla.org/show_bug.cgi?id=988675

launchpad.net/bugs/cve/CVE-2015-0828

nvd.nist.gov/vuln/detail/CVE-2015-0828

security-tracker.debian.org/tracker/CVE-2015-0828

www.cve.org/CVERecord?id=CVE-2015-0828

www.mozilla.org/en-US/security/advisories/mfsa2015-18/

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

83.2%

Related for UB:CVE-2015-0828

mozilla1 cvelist1 nvd1 openvas6 prion1 cve1 nessus8 mageia1 kaspersky1 suse1 freebsd1 securityvulns1 gentoo1