CVE-2015-7196 — Mozilla Firefox vulnerability

CWE-177 documents6 sources

Severity

6.8MEDIUMNVD

OSV7.5

EPSS

2.4%

top 14.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedNov 5

Latest updateMay 17

Description

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Ubuntumozilla/firefox< 42.0+build2-0ubuntu0.14.04.1

▶NVDmozilla/firefox41.0.2+8

🔴Vulnerability Details

GHSA

GHSA-m7pc-jrgg-qm66: Mozilla Firefox before 42↗2022-05-17

▶

OSV

firefox vulnerabilities↗2015-11-04

▶

OSV

CVE-2015-7196: Mozilla Firefox before 42↗2015-11-04

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2015-11-04

▶

Red Hat

Mozilla: JavaScript garbage collection crash with Java applet (MFSA 2015-130)↗2015-11-04

▶

💬Community

Bugzilla

CVE-2015-7196 Mozilla: JavaScript garbage collection crash with Java applet (MFSA 2015-130)↗2015-11-03

▶