Published: 16/08/2015 Updated: 30/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox prior to 40.0, Firefox ESR 38.x prior to 38.2, and Firefox OS prior to 2.2 allows remote malicious users to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle solaris 11.3
opensuse opensuse 13.1
opensuse opensuse 13.2
canonical ubuntu linux 15.04
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04
mozilla firefox esr 38.1.0
mozilla firefox os 2.1.0
mozilla firefox esr 38.0.1
mozilla firefox esr 38.0.5
mozilla firefox esr 38.0
mozilla firefox

This update provides compatible packages for Firefox 40 ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

USN-2702-1 introduced a regression in Firefox ...

Several security issues were fixed in Thunderbird ...

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service For the oldstable distribution (wheezy), these problems have been fixed in ...

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, bypass of the same-origin policy or denial of service Debian follows the extende ...

Mozilla Foundation Security Advisory 2015-90 Vulnerabilities found through code inspection Announced August 11, 2015 Reporter Ronald Crane Impact High Products Firefox, Firefox ESR, Firefox OS, SeaMonkey, Thunderbird Fi ...

NVD-CWE-Other https://bugzilla.mozilla.org/show_bug.cgi?id=1176270 http://www.mozilla.org/security/announce/2015/mfsa2015-90.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html http://www.ubuntu.com/usn/USN-2702-2 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html http://www.ubuntu.com/usn/USN-2702-1 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://security.gentoo.org/glsa/201605-06 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://www.debian.org/security/2015/dsa-3410 http://www.securitytracker.com/id/1033372 http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://www.ubuntu.com/usn/USN-2712-1 http://www.ubuntu.com/usn/USN-2702-3 http://www.securitytracker.com/id/1033247 http://www.debian.org/security/2015/dsa-3333 http://rhn.redhat.com/errata/RHSA-2015-1682.html http://rhn.redhat.com/errata/RHSA-2015-1586.html https://nvd.nist.gov https://usn.ubuntu.com/2702-2/

CVE-2015-4488

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect