CVE Vulnerabilities

CVE-2015-4492

Published: Aug 16, 2015 | Modified: Oct 22, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
5.1 MODERATE
AV:N/AC:H/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu
MEDIUM

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.

Affected Software

Name Vendor Start Version End Version
Solaris Oracle 11.3 (including) 11.3 (including)
Firefox Ubuntu devel *
Firefox Ubuntu precise *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu vivid *
Red Hat Enterprise Linux 5 RedHat firefox-0:38.2.0-4.el5_11 *
Red Hat Enterprise Linux 6 RedHat firefox-0:38.2.0-4.el6_7 *
Red Hat Enterprise Linux 7 RedHat firefox-0:38.2.0-4.el7_1 *

References