CVE-2015-4497 — Use After Free in Mozilla Firefox

CWE-416 — Use After Free7 documents6 sources

Severity

10.0CRITICALNVD

EPSS

3.0%

top 13.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedAug 29

Latest updateMay 17

Description

Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Ubuntumozilla/firefox< 40.0.3+build1-0ubuntu0.14.04.1

▶NVDmozilla/firefox6 versions+5

🔴Vulnerability Details

GHSA

GHSA-v9wp-mjxj-3vqc: Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40↗2022-05-17

▶

OSV

firefox vulnerabilities↗2015-08-27

▶

OSV

CVE-2015-4497: Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40↗2015-08-27

▶

📋Vendor Advisories

Red Hat

Mozilla: Use-after-free when resizing canvas element during restyling (MFSA 2015-94)↗2015-08-27

▶

Ubuntu

Firefox vulnerabilities↗2015-08-27

▶

💬Community

Bugzilla

CVE-2015-4497 Mozilla: Use-after-free when resizing canvas element during restyling (MFSA 2015-94)↗2015-08-26

▶