CVE-2015-4488

9 documents7 sources
Severity
7.5HIGH
EPSS
1.9%
top 16.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla FirefoxCanonical Ubuntu LinuxMozilla Firefox OS+2 more
Timeline
PublishedAug 16
Latest updateMay 14

Description

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

NVDmozilla/firefox39.0.3+4
Ubuntufirefox< 40.0+build4-0ubuntu0.14.04.1
Ubuntuthunderbird< 1:38.2.0+build1-0ubuntu0.14.04.1
NVDoracle/solaris11.3

Also affects: Ubuntu Linux 12.04, 14.04, 15.04

🔴Vulnerability Details

4
GHSA
GHSA-pfmq-4r52-h3xc: Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 402022-05-14
OSV
thunderbird vulnerabilities2015-08-25
CVEList
CVE-2015-4488: Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 402015-08-16
OSV
CVE-2015-4488: Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 402015-08-11

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2015-08-25
Ubuntu
Firefox vulnerabilities2015-08-11
Red Hat
Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)2015-08-11

💬Community

1
Bugzilla
CVE-2015-4487 CVE-2015-4488 CVE-2015-4489 Mozilla: Vulnerabilities found through code inspection (MFSA 2015-90)2015-08-11
CVE-2015-4488 (HIGH CVSS 7.5) | Use-after-free vulnerability in the | cvebase.io