10

CVE-2015-2731

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 38.1.0
MozillaThunderbird Version <= 38.0.1
OracleSolaris Version11.3
MozillaFirefox Version31.0
MozillaFirefox Version31.1.0
MozillaFirefox Version31.1.1
MozillaFirefox Version31.3.0
MozillaFirefox Version31.5.1
MozillaFirefox Version31.5.2
MozillaFirefox Version31.5.3
MozillaFirefox Version38.0
MozillaFirefox ESR Version31.1
MozillaFirefox ESR Version31.2
MozillaFirefox ESR Version31.3
MozillaFirefox ESR Version31.4
MozillaFirefox ESR Version31.5
MozillaFirefox ESR Version31.6.0
MozillaFirefox ESR Version31.7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.95% 0.756
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C