CVE-2015-7204 — Mozilla Firefox vulnerability

CWE-177 documents6 sources

Severity

6.8MEDIUMNVD

OSV10.0

EPSS

1.7%

top 17.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Fedoraproject Fedora Opensuse Leap +1 more

Timeline

PublishedDec 16

Latest updateMay 14

Description

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

▶Ubuntumozilla/firefox< 43.0+build1-0ubuntu0.14.04.1

▶NVDmozilla/firefox42.0+3

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Fedora 22, 23

🔴Vulnerability Details

GHSA

GHSA-4v8v-q38v-qx4j: Mozilla Firefox before 43↗2022-05-14

▶

OSV

CVE-2015-7204: Mozilla Firefox before 43↗2015-12-15

▶

OSV

firefox vulnerabilities↗2015-12-15

▶

📋Vendor Advisories

Red Hat

Mozilla: Crash with JavaScript variable assignment with unboxed objects (MFSA 2015-135)↗2015-12-16

▶

Ubuntu

Firefox vulnerabilities↗2015-12-15

▶

💬Community

Bugzilla

CVE-2015-7204 Mozilla: Crash with JavaScript variable assignment with unboxed objects (MFSA 2015-135)↗2015-12-15

▶