CVE-2015-0831Use After Free in Mozilla Firefox

CWE-416Use After Free13 documents7 sources
Severity
6.8MEDIUMNVD
OSV4.3
EPSS
2.0%
top 16.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla FirefoxMozilla ThunderbirdCanonical Ubuntu Linux+2 more
Timeline
PublishedFeb 25
Latest updateMay 14

Description

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages5 packages

Ubuntumozilla/firefox< 36.0+build2-0ubuntu0.14.04.4+1
NVDmozilla/firefox35.0.1+215
NVDmozilla/firefox_esr5 versions+4
Ubuntumozilla/thunderbird< 1:31.5.0+build1-0ubuntu0.14.04.1

Also affects: Ubuntu Linux 12.04, 14.04, 14.10, Enterprise Linux 5, 6.0

🔴Vulnerability Details

5
GHSA
GHSA-7fwr-rxv9-jvxf: Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 362022-05-14
OSV
firefox regression2015-03-09
OSV
thunderbird vulnerabilities2015-03-03
OSV
firefox vulnerabilities2015-02-25
OSV
CVE-2015-0831: Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 362015-02-25

📋Vendor Advisories

4
Ubuntu
Firefox regression2015-03-09
Ubuntu
Thunderbird vulnerabilities2015-03-03
Ubuntu
Firefox vulnerabilities2015-02-25
Red Hat
Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)2015-02-24

🕵️Threat Intelligence

2
Talos
Research Spotlight: Exploiting Use-After-Free Vulnerabilities2015-03-17
Talos
Research Spotlight: Exploiting Use-After-Free Vulnerabilities2015-03-17

💬Community

1
Bugzilla
CVE-2015-0831 Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)2015-02-24