CVE-2015-4474HIGH
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
References
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
http://www.mozilla.org/security/announce/2015/mfsa2015-79.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1033247
http://www.securitytracker.com/id/1033372
http://www.ubuntu.com/usn/USN-2702-1
http://www.ubuntu.com/usn/USN-2702-2
http://www.ubuntu.com/usn/USN-2702-3
https://bugzilla.mozilla.org/show_bug.cgi?id=1143130
https://bugzilla.mozilla.org/show_bug.cgi?id=1161719
https://bugzilla.mozilla.org/show_bug.cgi?id=1177501
https://bugzilla.mozilla.org/show_bug.cgi?id=1181204
https://bugzilla.mozilla.org/show_bug.cgi?id=1184068
Details
Source: MITRE
Published: 2015-08-16
Updated: 2018-10-30
Type: NVD-CWE-noinfo
Risk Information
CVSS v2.0
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 39.0.3 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 91379 | GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH) | Nessus | Gentoo Local Security Checks | critical |
| 87063 | SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1) | Nessus | SuSE Local Security Checks | critical |
| 85906 | SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1) | Nessus | SuSE Local Security Checks | critical |
| 8856 | Mozilla Firefox < 40.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 85763 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1476-1) | Nessus | SuSE Local Security Checks | critical |
| 85721 | SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam) | Nessus | SuSE Local Security Checks | critical |
| 85578 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox regression (USN-2702-3) | Nessus | Ubuntu Local Security Checks | critical |
| 85437 | openSUSE Security Update : MozillaFirefox (openSUSE-2015-548) | Nessus | SuSE Local Security Checks | critical |
| 85436 | openSUSE Security Update : MozillaFirefox (openSUSE-2015-547) | Nessus | SuSE Local Security Checks | critical |
| 85386 | Firefox < 40 Multiple Vulnerabilities | Nessus | Windows | critical |
| 85384 | Firefox < 40 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 85345 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : ubufox update (USN-2702-2) | Nessus | Ubuntu Local Security Checks | critical |
| 85344 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerabilities (USN-2702-1) | Nessus | Ubuntu Local Security Checks | critical |
| 85338 | FreeBSD : mozilla -- multiple vulnerabilities (c66a5632-708a-4727-8236-d65b2d5b2739) | Nessus | FreeBSD Local Security Checks | critical |