CVE-2015-2733 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free9 documents7 sources

Severity

10.0CRITICALNVD

EPSS

2.7%

top 14.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Firefox ESR Novell Suse Linux Enterprise Desktop +2 more

Timeline

PublishedJul 6

Latest updateMay 17

Description

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages6 packages

▶Ubuntumozilla/firefox< 39.0+build5-0ubuntu0.14.04.1

▶NVDmozilla/firefox38.1.0+8

▶NVDmozilla/firefox_esr7 versions+6

▶NVDoracle/solaris11.3

▶NVDnovell/suse_linux_enterprise_server12.0

🔴Vulnerability Details

GHSA

GHSA-2wpc-7vw8-rm2x: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39↗2022-05-17

▶

OSV

firefox vulnerabilities↗2015-07-09

▶

CVEList

CVE-2015-2733: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39↗2015-07-06

▶

OSV

CVE-2015-2733: Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39↗2015-07-05

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2015-07-15

▶

Ubuntu

Firefox vulnerabilities↗2015-07-09

▶

Red Hat

Mozilla: Use-after-free in workers while using XMLHttpRequest (MFSA 2015-65)↗2015-07-02

▶

💬Community

Bugzilla

CVE-2015-2722 CVE-2015-2733 Mozilla: Use-after-free in workers while using XMLHttpRequest (MFSA 2015-65)↗2015-06-30

▶