CVE-2015-2728 — Type Confusion in Mozilla Firefox

CWE-843 — Type Confusion8 documents7 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Novell Suse Linux Enterprise Desktop +2 more

Timeline

PublishedJul 6

Latest updateMay 17

Description

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

▶Ubuntumozilla/firefox< 39.0+build5-0ubuntu0.14.04.1

▶NVDmozilla/firefox38.1.0+8

▶NVDmozilla/firefox_esr7 versions+6

▶NVDoracle/solaris11.3

▶NVDnovell/suse_linux_enterprise_server11, 12.0+1

🔴Vulnerability Details

GHSA

GHSA-r8g9-x5r3-7rc6: The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39↗2022-05-17

▶

CVEList

CVE-2015-2728: The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39↗2015-07-06

▶

OSV

CVE-2015-2728: The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39↗2015-07-05

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2015-07-15

▶

Ubuntu

Firefox vulnerabilities↗2015-07-09

▶

Red Hat

Mozilla: Type confusion in Indexed Database Manager (MFSA 2015-61)↗2015-07-02

▶

💬Community

Bugzilla

CVE-2015-2728 Mozilla: Type confusion in Indexed Database Manager (MFSA 2015-61)↗2015-06-30

▶