Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2015-2731

Published: 06/07/2015 Updated: 28/12/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Mozilla

Vulnerability Summary

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox prior to 39.0, Firefox ESR 38.x prior to 38.1, and Thunderbird prior to 38.1 allows remote malicious users to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.

Vulnerable Product Search on Vulmon Subscribe to Product

mozilla firefox

mozilla thunderbird

oracle solaris 11.3

mozilla firefox esr 31.5.2

mozilla firefox esr 31.5.1

mozilla firefox esr 31.1

mozilla firefox esr 31.0

mozilla firefox esr 38.0

mozilla firefox esr 31.7.0

mozilla firefox esr 31.3.0

mozilla firefox esr 31.3

mozilla firefox esr 31.2

mozilla firefox esr 31.5

mozilla firefox esr 31.4

mozilla firefox esr 31.6.0

mozilla firefox esr 31.5.3

mozilla firefox esr 31.1.1

mozilla firefox esr 31.1.0

Vendor Advisories

Debian Security Advisories: DSA-3300-1 iceweasel -- security update
Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service This update also addresses a vulnerability in DHE key processing commonly known as the LogJam vul ...
Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Mozilla: Use-after-free in Content Policy due to microtask execution error
Mozilla Foundation Security Advisory 2015-63 Use-after-free in Content Policy due to microtask execution error Announced July 2, 2015 Reporter Herre Impact Critical Products Firefox, Firefox ESR, SeaMonkey, Thunderbird ...
Red Hat: CVE-2015-2731
Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 390, Firefox ESR 38x before 381, and Thunderbird before 381 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy ...

References

NVD-CWE-Otherhttps://bugzilla.mozilla.org/show_bug.cgi?id=1149891http://www.mozilla.org/security/announce/2015/mfsa2015-63.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlhttp://www.securityfocus.com/bid/75541https://security.gentoo.org/glsa/201512-10http://rhn.redhat.com/errata/RHSA-2015-1455.htmlhttp://www.ubuntu.com/usn/USN-2656-2http://www.ubuntu.com/usn/USN-2656-1http://www.securitytracker.com/id/1032784http://www.securitytracker.com/id/1032783http://www.debian.org/security/2015/dsa-3300http://rhn.redhat.com/errata/RHSA-2015-1207.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.htmlhttps://nvd.nist.govhttps://www.debian.org/security/./dsa-3300https://usn.ubuntu.com/2656-1/https://access.redhat.com/security/cve/cve-2015-2731
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook