CVE-2015-0828: Use After Free in Mozilla Firefox

CWE-416: Use After Free | 5 documents | 5 sources

Severity: 6.8 MEDIUM (NVD)
EPSS: 1.4% (top 19.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 25 | Latest update May 14

Description

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

NVD: mozilla/firefox 35.0.1 (+214)
NVD: oracle/solaris 11.3
NVD: opensuse/opensuse 13.1, 13.2 (+1)

🔴 Vulnerability Details (2)

GHSA: GHSA-594r-8mw8-j9ff: Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36 (2022-05-14)
CVEList: CVE-2015-0828: Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36 (2015-02-25)

📋 Vendor Advisories (1)

Red Hat: Mozilla: Double-free when using non-default memory allocators with a zero-length XHR (MFSA 2015-18) (2015-02-24)

💬 Community (1)

Bugzilla: CVE-2015-0828 Mozilla: Double-free when using non-default memory allocators with a zero-length XHR (MFSA 2015-18) (2015-02-24)