Published: 06/07/2015 Updated: 28/12/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox prior to 39.0 and Firefox ESR 31.x prior to 31.8 and 38.x prior to 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote malicious users to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
novell suse linux enterprise server 12.0
novell suse linux enterprise desktop 12.0
novell suse linux enterprise server 11
mozilla firefox esr 31.7.0
mozilla firefox esr 31.6.0
mozilla firefox esr 31.2
mozilla firefox esr 31.1.1
mozilla firefox esr 31.5
mozilla firefox esr 31.4
mozilla firefox esr 31.0
mozilla firefox esr 31.5.3
mozilla firefox esr 31.5.2
mozilla firefox esr 31.5.1
mozilla firefox esr 31.1.0
mozilla firefox esr 31.1
mozilla firefox esr 38.0
mozilla firefox esr 31.3.0
mozilla firefox esr 31.3
mozilla firefox
oracle solaris 11.3

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service This update also addresses a vulnerability in DHE key processing commonly known as the LogJam vul ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2015-61 Type confusion in Indexed Database Manager Announced July 2, 2015 Reporter Paul Bandha Impact High Products Firefox, Firefox ESR, Firefox OS, SeaMonkey Fixed in ...

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 390 and Firefox ESR 31x before 318 and 38x before 381 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecif ...

NVD-CWE-Other https://bugzilla.mozilla.org/show_bug.cgi?id=1142210 http://www.mozilla.org/security/announce/2015/mfsa2015-61.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.securityfocus.com/bid/75541 https://security.gentoo.org/glsa/201512-10 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.ubuntu.com/usn/USN-2656-2 http://www.ubuntu.com/usn/USN-2656-1 http://www.securitytracker.com/id/1032783 http://www.debian.org/security/2015/dsa-3300 http://rhn.redhat.com/errata/RHSA-2015-1207.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html https://nvd.nist.gov https://www.debian.org/security/./dsa-3300 https://usn.ubuntu.com/2656-1/https://access.redhat.com/security/cve/cve-2015-2728

CVE-2015-2728

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect