7.5

CVE-2015-4509

EPSS 2.7%
Veröffentlicht 24.09.2015 04:59:12
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 24

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version38.0

Mozilla ≫ Firefox Version38.0.1

Mozilla ≫ Firefox Version38.0.5

Mozilla ≫ Firefox Version38.1.0

Mozilla ≫ Firefox Version38.1.1

Mozilla ≫ Firefox Version38.2.0

Mozilla ≫ Firefox Version38.2.1

Mozilla ≫ Firefox Version <= 40.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.7%	0.853

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html

http://www.securitytracker.com/id/1033640

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html

http://rhn.redhat.com/errata/RHSA-2015-1834.html

http://rhn.redhat.com/errata/RHSA-2015-1852.html

http://www.debian.org/security/2015/dsa-3365

http://www.securityfocus.com/bid/76816

http://www.ubuntu.com/usn/USN-2743-1

http://www.ubuntu.com/usn/USN-2743-2

http://www.ubuntu.com/usn/USN-2743-3

http://www.ubuntu.com/usn/USN-2743-4

http://www.ubuntu.com/usn/USN-2754-1

http://www.mozilla.org/security/announce/2015/mfsa2015-106.html

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-15-646

https://bugzilla.mozilla.org/show_bug.cgi?id=1198435

https://nvd.nist.gov/vuln/detail/CVE-2015-4509

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-4509

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-4509

EUVD