CVE-2015-4488

HIGH

Description

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.

References

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html

http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html

http://rhn.redhat.com/errata/RHSA-2015-1586.html

http://rhn.redhat.com/errata/RHSA-2015-1682.html

http://www.debian.org/security/2015/dsa-3333

http://www.debian.org/security/2015/dsa-3410

http://www.mozilla.org/security/announce/2015/mfsa2015-90.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securitytracker.com/id/1033247

http://www.securitytracker.com/id/1033372

http://www.ubuntu.com/usn/USN-2702-1

http://www.ubuntu.com/usn/USN-2702-2

http://www.ubuntu.com/usn/USN-2702-3

http://www.ubuntu.com/usn/USN-2712-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1176270

https://security.gentoo.org/glsa/201605-06

Details

Source: MITRE

Published: 2015-08-16

Updated: 2018-10-30

Type: NVD-CWE-Other

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
91379	GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)	Nessus	Gentoo Local Security Checks	critical
87164	Debian DSA-3410-1 : icedove - security update	Nessus	Debian Local Security Checks	critical
87063	SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1)	Nessus	SuSE Local Security Checks	critical
86497	CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1682)	Nessus	CentOS Local Security Checks	critical
8878	Firefox OS < 2.2 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
85906	SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1)	Nessus	SuSE Local Security Checks	critical
8856	Mozilla Firefox < 40.0 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
85763	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1476-1)	Nessus	SuSE Local Security Checks	critical
85721	SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam)	Nessus	SuSE Local Security Checks	critical
85703	openSUSE Security Update : MozillaThunderbird (openSUSE-2015-559)	Nessus	SuSE Local Security Checks	critical
85702	openSUSE Security Update : MozillaThunderbird (openSUSE-2015-558)	Nessus	SuSE Local Security Checks	critical
85648	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : thunderbird vulnerabilities (USN-2712-1)	Nessus	Ubuntu Local Security Checks	critical
85646	Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
85645	RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1682)	Nessus	Red Hat Local Security Checks	critical
85642	Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1682)	Nessus	Oracle Linux Local Security Checks	critical
85578	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox regression (USN-2702-3)	Nessus	Ubuntu Local Security Checks	critical
85437	openSUSE Security Update : MozillaFirefox (openSUSE-2015-548)	Nessus	SuSE Local Security Checks	critical
85436	openSUSE Security Update : MozillaFirefox (openSUSE-2015-547)	Nessus	SuSE Local Security Checks	critical
85386	Firefox < 40 Multiple Vulnerabilities	Nessus	Windows	critical
85385	Firefox ESR < 38.2 Multiple Vulnerabilities	Nessus	Windows	critical
85384	Firefox < 40 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
85383	Firefox ESR < 38.2 Multiple Vulnerabilities (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
85356	Debian DSA-3333-1 : iceweasel - security update	Nessus	Debian Local Security Checks	critical
85345	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : ubufox update (USN-2702-2)	Nessus	Ubuntu Local Security Checks	critical
85344	Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerabilities (USN-2702-1)	Nessus	Ubuntu Local Security Checks	critical
85343	Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
85342	RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586)	Nessus	Red Hat Local Security Checks	critical
85339	Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1586)	Nessus	Oracle Linux Local Security Checks	critical
85338	FreeBSD : mozilla -- multiple vulnerabilities (c66a5632-708a-4727-8236-d65b2d5b2739)	Nessus	FreeBSD Local Security Checks	critical
85336	CentOS 5 / 6 / 7 : firefox (CESA-2015:1586)	Nessus	CentOS Local Security Checks	critical