CVE-2015-4510 — Race Condition in Mozilla Firefox

CWE-362 — Race Condition CWE-416 — Use After Free13 documents6 sources

Severity

6.8MEDIUMNVD

OSV7.5

EPSS

2.5%

top 14.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedSep 24

Latest updateMay 17

Description

Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Ubuntumozilla/firefox< 41.0+build3-0ubuntu0.14.04.1+1

▶NVDmozilla/firefox40.0.3

🔴Vulnerability Details

GHSA

GHSA-hqqc-crjh-93xx: Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41↗2022-05-17

▶

OSV

firefox regression↗2015-10-05

▶

OSV

unity-firefox-extension, webapps-greasemonkey, webaccounts-browser-extension update↗2015-09-24

▶

OSV

ubufox update↗2015-09-22

▶

OSV

CVE-2015-4510: Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41↗2015-09-22

▶

📋Vendor Advisories

Ubuntu

Firefox regression↗2015-10-05

▶

Ubuntu

Unity Integration for Firefox, Unity Websites Integration and Ubuntu Online Accounts extension update↗2015-09-24

▶

Ubuntu

Ubufox update↗2015-09-22

▶

Red Hat

Mozilla: Use-after-free with shared workers and IndexedDB (MFSA 2015-104)↗2015-09-22

▶

Ubuntu

Firefox vulnerabilities↗2015-09-22

▶

💬Community

Bugzilla

CVE-2015-4510 Mozilla: Use-after-free with shared workers and IndexedDB (MFSA 2015-104)↗2015-09-22

▶