CVE-2015-4487
published 2015-08-16CVE-2015-4487: The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| mozilla | firefox | <= 39.0.3 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 40.0+build4-0ubuntu0.14.04.1 | 40.0+build4-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 40.0+build4-0ubuntu0.14.04.4 | 40.0+build4-0ubuntu0.14.04.4 |
| mozilla | firefox_os | <= 2.1.0 | — |
| mozilla | thunderbird | >= 0 < 1:38.2.0+build1-0ubuntu0.14.04.1 | 1:38.2.0+build1-0ubuntu0.14.04.1 |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| oracle | solaris | — | — |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv10.0CRITICAL