Vulnerability in Mozilla Firefox
CVE-2015-2733
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachme…
EPSS: 0.027 (86.1th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions 31.0, 31.1.0, 31.1.1
- Mozilla Firefox_esr — versions 31.1, 31.2, 31.3
- Novell Suse_linux_enterprise_desktop — versions 11, 12.0
- Novell Suse_linux_enterprise_server — versions 12.0
- Oracle Solaris — versions 11.3
- N/a — versions n/a
References
- openSUSE-SU-2015:1229 (vendor-advisory, x_refsource_SUSE)
- SUSE-SU-2015:1268 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- GLSA-201512-10 (vendor-advisory, x_refsource_GENTOO)
- security@mozilla.org (x_refsource_CONFIRM, Issue Tracking)
- 75541 (vdb-entry, x_refsource_BID)
- security@mozilla.org (x_refsource_CONFIRM, Third Party Advisory)
- 1032784 (vdb-entry, x_refsource_SECTRACK)
- RHSA-2015:1207 (x_refsource_REDHAT, vendor-advisory)
- SUSE-SU-2015:1269 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- openSUSE-SU-2015:1266 (vendor-advisory, x_refsource_SUSE)