CVE-2015-4488

HIGH

Description

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.

References

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html

http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html

http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html

http://rhn.redhat.com/errata/RHSA-2015-1586.html

http://rhn.redhat.com/errata/RHSA-2015-1682.html

http://www.debian.org/security/2015/dsa-3333

http://www.debian.org/security/2015/dsa-3410

http://www.mozilla.org/security/announce/2015/mfsa2015-90.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

http://www.securitytracker.com/id/1033247

http://www.securitytracker.com/id/1033372

http://www.ubuntu.com/usn/USN-2702-1

http://www.ubuntu.com/usn/USN-2702-2

http://www.ubuntu.com/usn/USN-2702-3

http://www.ubuntu.com/usn/USN-2712-1

https://bugzilla.mozilla.org/show_bug.cgi?id=1176270

https://security.gentoo.org/glsa/201605-06

Details

Source: MITRE

Published: 2015-08-16

Updated: 2018-10-30

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 39.0.3 (inclusive)

cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*

cpe:2.3:o:mozilla:firefox_os:2.1.0:*:*:*:*:*:*:*

Tenable Plugins

View all (30 total)

IDNameProductFamilySeverity
91379GLSA-201605-06 : Mozilla Products: Multiple vulnerabilities (Logjam) (SLOTH)NessusGentoo Local Security Checks
critical
87164Debian DSA-3410-1 : icedove - security updateNessusDebian Local Security Checks
critical
87063SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2015:2081-1)NessusSuSE Local Security Checks
critical
86497CentOS 5 / 6 / 7 : thunderbird (CESA-2015:1682)NessusCentOS Local Security Checks
critical
8878Firefox OS < 2.2 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
high
85906SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1528-1)NessusSuSE Local Security Checks
critical
8856Mozilla Firefox < 40.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
85763SUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1476-1)NessusSuSE Local Security Checks
critical
85721SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1) (Logjam)NessusSuSE Local Security Checks
critical
85703openSUSE Security Update : MozillaThunderbird (openSUSE-2015-559)NessusSuSE Local Security Checks
critical
85702openSUSE Security Update : MozillaThunderbird (openSUSE-2015-558)NessusSuSE Local Security Checks
critical
85648Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : thunderbird vulnerabilities (USN-2712-1)NessusUbuntu Local Security Checks
critical
85646Scientific Linux Security Update : thunderbird on SL5.x, SL6.x, SL7.x i386/x86_64 (20150825)NessusScientific Linux Local Security Checks
critical
85645RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:1682)NessusRed Hat Local Security Checks
critical
85642Oracle Linux 6 / 7 : thunderbird (ELSA-2015-1682)NessusOracle Linux Local Security Checks
critical
85578Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox regression (USN-2702-3)NessusUbuntu Local Security Checks
critical
85437openSUSE Security Update : MozillaFirefox (openSUSE-2015-548)NessusSuSE Local Security Checks
critical
85436openSUSE Security Update : MozillaFirefox (openSUSE-2015-547)NessusSuSE Local Security Checks
critical
85386Firefox < 40 Multiple VulnerabilitiesNessusWindows
critical
85385Firefox ESR < 38.2 Multiple VulnerabilitiesNessusWindows
critical
85384Firefox < 40 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
85383Firefox ESR < 38.2 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
85356Debian DSA-3333-1 : iceweasel - security updateNessusDebian Local Security Checks
critical
85345Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : ubufox update (USN-2702-2)NessusUbuntu Local Security Checks
critical
85344Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : firefox vulnerabilities (USN-2702-1)NessusUbuntu Local Security Checks
critical
85343Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150811)NessusScientific Linux Local Security Checks
critical
85342RHEL 5 / 6 / 7 : firefox (RHSA-2015:1586)NessusRed Hat Local Security Checks
critical
85339Oracle Linux 5 / 6 / 7 : firefox (ELSA-2015-1586)NessusOracle Linux Local Security Checks
critical
85338FreeBSD : mozilla -- multiple vulnerabilities (c66a5632-708a-4727-8236-d65b2d5b2739)NessusFreeBSD Local Security Checks
critical
85336CentOS 5 / 6 / 7 : firefox (CESA-2015:1586)NessusCentOS Local Security Checks
critical