CVE-2015-7204

medium

Description

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174083.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174253.html

http://lists.opensuse.org/opensuse-updates/2015-12/msg00104.html

http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html

http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1216130

https://security.gentoo.org/glsa/201512-10

http://www.mozilla.org/security/announce/2015/mfsa2015-135.html

http://www.securitytracker.com/id/1034426

http://www.ubuntu.com/usn/USN-2833-1

Details

Published: 2015-12-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

Detections

Analytics