10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.039 Low
EPSS
Percentile
91.9%
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function
in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x
before 38.1 allows remote attackers to execute arbitrary code via vectors
involving attachment of an XMLHttpRequest object to a dedicated worker.
www.mozilla.org/security/announce/2015/mfsa2015-65.html
bugzilla.mozilla.org/show_bug.cgi?id=1169867
launchpad.net/bugs/cve/CVE-2015-2733
nvd.nist.gov/vuln/detail/CVE-2015-2733
security-tracker.debian.org/tracker/CVE-2015-2733
ubuntu.com/security/notices/USN-2656-1
ubuntu.com/security/notices/USN-2656-2
www.cve.org/CVERecord?id=CVE-2015-2733
www.mozilla.org/en-US/security/advisories/mfsa2015-65/