CVE-2015-4474

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

http://www.mozilla.org/security/announce/2015/mfsa2015-79.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securitytracker.com/id/1033247

http://www.securitytracker.com/id/1033372

http://www.ubuntu.com/usn/USN-2702-1

http://www.ubuntu.com/usn/USN-2702-2

http://www.ubuntu.com/usn/USN-2702-3

https://bugzilla.mozilla.org/show_bug.cgi?id=1143130

https://bugzilla.mozilla.org/show_bug.cgi?id=1161719

https://bugzilla.mozilla.org/show_bug.cgi?id=1177501

https://bugzilla.mozilla.org/show_bug.cgi?id=1181204

https://bugzilla.mozilla.org/show_bug.cgi?id=1184068

https://bugzilla.mozilla.org/show_bug.cgi?id=1188590

https://security.gentoo.org/glsa/201605-06

Details

Source: MITRE

Published: 2015-08-16

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 39.0.3 (inclusive)

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
91379GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)NessusGentoo Local Security Checks
critical
87063SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1)NessusSuSE Local Security Checks
critical
85906SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1)NessusSuSE Local Security Checks
critical
8856Mozilla Firefox < 40.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
85763SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1476-1)NessusSuSE Local Security Checks
critical
85721SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam)NessusSuSE Local Security Checks
low
85578Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox regression (USN-2702-3)NessusUbuntu Local Security Checks
critical
85437openSUSE Security Update : MozillaFirefox (openSUSE-2015-548)NessusSuSE Local Security Checks
critical
85436openSUSE Security Update : MozillaFirefox (openSUSE-2015-547)NessusSuSE Local Security Checks
critical
85386Firefox < 40 Multiple VulnerabilitiesNessusWindows
critical
85384Firefox < 40 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
85345Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : ubufox update (USN-2702-2)NessusUbuntu Local Security Checks
critical
85344Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerabilities (USN-2702-1)NessusUbuntu Local Security Checks
critical
85338FreeBSD : mozilla -- multiple vulnerabilities (c66a5632-708a-4727-8236-d65b2d5b2739)NessusFreeBSD Local Security Checks
critical