CVE-2015-2713Use After Free in Mozilla Firefox

CWE-416Use After Free8 documents7 sources
Severity
6.8MEDIUMNVD
EPSS
1.8%
top 17.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Mozilla FirefoxMozilla ThunderbirdMozilla Firefox ESR+4 more
Timeline
PublishedMay 14
Latest updateMay 14

Description

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages9 packages

Ubuntumozilla/firefox< 38.0+build3-0ubuntu0.14.04.1
NVDmozilla/firefox37.0.2+7
NVDmozilla/firefox_esr6 versions+5
Ubuntumozilla/thunderbird< 1:31.7.0+build1-0ubuntu0.14.04.1

🔴Vulnerability Details

3
GHSA
GHSA-m69x-6q22-9gfc: Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 382022-05-14
CVEList
CVE-2015-2713: Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 382015-05-14
OSV
CVE-2015-2713: Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 382015-05-13

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2015-05-18
Ubuntu
Firefox vulnerabilities2015-05-13
Red Hat
Mozilla: Use-after-free during text processing with vertical text enabled (MFSA 2015-51)2015-05-12

💬Community

1
Bugzilla
CVE-2015-2713 Mozilla: Use-after-free during text processing with vertical text enabled (MFSA 2015-51)2015-05-12
CVE-2015-2713 — Use After Free in Mozilla Firefox | cvebase