CVE Vulnerabilities

CVE-2015-2733

Published: Jul 06, 2015 | Modified: Oct 22, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
6.8 CRITICAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 38.1.0 (including)
Red Hat Enterprise Linux 5 RedHat firefox-0:38.1.0-1.el5_11 *
Red Hat Enterprise Linux 6 RedHat firefox-0:38.1.0-1.el6_6 *
Red Hat Enterprise Linux 7 RedHat firefox-0:38.1.0-1.ael7b_1 *
Firefox Ubuntu devel *
Firefox Ubuntu precise *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu utopic *
Firefox Ubuntu vivid *

References