CVE-2015-4477high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.
References
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00089.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00091.html
http://www.mozilla.org/security/announce/2015/mfsa2015-81.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1033247
http://www.ubuntu.com/usn/USN-2702-1
http://www.ubuntu.com/usn/USN-2702-2
http://www.ubuntu.com/usn/USN-2702-3
Details
Source: MITRE
Published: 2015-08-16
Updated: 2018-10-30
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 39.0.3 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 91379 | GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH) | Nessus | Gentoo Local Security Checks | critical |
| 90240 | openSUSE Security Update : MozillaThunderbird (openSUSE-2016-402) | Nessus | SuSE Local Security Checks | critical |
| 90170 | openSUSE Security Update : MozillaThunderbird (openSUSE-2016-395) | Nessus | SuSE Local Security Checks | critical |
| 8856 | Mozilla Firefox < 40.0 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | critical |
| 85578 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox regression (USN-2702-3) | Nessus | Ubuntu Local Security Checks | critical |
| 85437 | openSUSE Security Update : MozillaFirefox (openSUSE-2015-548) | Nessus | SuSE Local Security Checks | critical |
| 85436 | openSUSE Security Update : MozillaFirefox (openSUSE-2015-547) | Nessus | SuSE Local Security Checks | critical |
| 85386 | Firefox < 40 Multiple Vulnerabilities | Nessus | Windows | critical |
| 85384 | Firefox < 40 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 85345 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : ubufox update (USN-2702-2) | Nessus | Ubuntu Local Security Checks | critical |
| 85344 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerabilities (USN-2702-1) | Nessus | Ubuntu Local Security Checks | critical |
| 85338 | FreeBSD : mozilla -- multiple vulnerabilities (c66a5632-708a-4727-8236-d65b2d5b2739) | Nessus | FreeBSD Local Security Checks | critical |