CVE-2015-2731Use After Free in Mozilla Firefox

CWE-416Use After Free9 documents7 sources
Severity
10.0CRITICALNVD
OSV4.3
EPSS
0.9%
top 23.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Mozilla FirefoxMozilla ThunderbirdMozilla Firefox ESR+1 more
Timeline
PublishedJul 6
Latest updateMay 17

Description

Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allows remote attackers to execute arbitrary code by leveraging client-side JavaScript that triggers removal of a DOM object on the basis of a Content Policy.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages6 packages

Ubuntumozilla/firefox< 39.0+build5-0ubuntu0.14.04.1
NVDmozilla/firefox38.1.0+8
NVDmozilla/firefox_esr7 versions+6
Ubuntumozilla/thunderbird< 1:31.8.0+build1-0ubuntu0.14.04.1

🔴Vulnerability Details

4
GHSA
GHSA-x5r4-6m79-9q47: Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 392022-05-17
OSV
firefox vulnerabilities2015-07-09
CVEList
CVE-2015-2731: Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 392015-07-06
OSV
CVE-2015-2731: Use-after-free vulnerability in the CSPService::ShouldLoad function in the microtask implementation in Mozilla Firefox before 392015-07-05

📋Vendor Advisories

3
Ubuntu
Firefox vulnerabilities2015-07-15
Ubuntu
Firefox vulnerabilities2015-07-09
Red Hat
Mozilla: Use-after-free in Content Policy due to microtask execution error (MFSA 2015-63)2015-07-02

💬Community

1
Bugzilla
CVE-2015-2731 Mozilla: Use-after-free in Content Policy due to microtask execution error (MFSA 2015-63)2015-06-30
CVE-2015-2731 — Use After Free in Mozilla Firefox | cvebase