10

CVE-2015-2722

EPSS 2.29%
Veröffentlicht 06.07.2015 02:00:54
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Solaris Version11.3

Mozilla ≫ Firefox Version31.0

Mozilla ≫ Firefox Version31.1.0

Mozilla ≫ Firefox Version31.1.1

Mozilla ≫ Firefox Version31.3.0

Mozilla ≫ Firefox Version31.5.1

Mozilla ≫ Firefox Version31.5.2

Mozilla ≫ Firefox Version31.5.3

Mozilla ≫ Firefox Version38.0

Mozilla ≫ Firefox ESR Version31.1

Mozilla ≫ Firefox ESR Version31.2

Mozilla ≫ Firefox ESR Version31.3

Mozilla ≫ Firefox ESR Version31.4

Mozilla ≫ Firefox ESR Version31.5

Mozilla ≫ Firefox ESR Version31.6.0

Mozilla ≫ Firefox ESR Version31.7.0

Mozilla ≫ Firefox Version <= 38.1.0

Novell ≫ Suse Linux Enterprise Software Development Kit Version12.0

Novell ≫ Suse Linux Enterprise Desktop Version12.0

Novell ≫ Suse Linux Enterprise Server Version11 Updatesp4

Novell ≫ Suse Linux Enterprise Server Version12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.29%	0.84

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Third Party Advisory

https://security.gentoo.org/glsa/201512-10

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://www.securitytracker.com/id/1032783

http://www.securitytracker.com/id/1032784

http://www.ubuntu.com/usn/USN-2656-1

http://www.ubuntu.com/usn/USN-2656-2

http://www.securityfocus.com/bid/75541

http://rhn.redhat.com/errata/RHSA-2015-1207.html

http://www.mozilla.org/security/announce/2015/mfsa2015-65.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1166924

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2015-2722

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-2722

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-2722

EUVD