Lucene search

[email protected]NVD:CVE-2015-2722

HistoryJul 06, 2015 - 2:00 a.m.

CVE-2015-2722

2015-07-0602:00:54

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

4.7

Confidence

High

EPSS

0.045

Percentile

92.5%

JSON

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.

Affected configurations

Nvd

Node

oraclesolarisMatch11.3

Node

mozillafirefox_esrMatch31.0

mozillafirefox_esrMatch31.1

mozillafirefox_esrMatch31.1.0

mozillafirefox_esrMatch31.1.1

mozillafirefox_esrMatch31.2

mozillafirefox_esrMatch31.3

mozillafirefox_esrMatch31.3.0

mozillafirefox_esrMatch31.4

mozillafirefox_esrMatch31.5

mozillafirefox_esrMatch31.5.1

mozillafirefox_esrMatch31.5.2

mozillafirefox_esrMatch31.5.3

mozillafirefox_esrMatch31.6.0

mozillafirefox_esrMatch31.7.0

mozillafirefox_esrMatch38.0

Node

mozillafirefoxRange≤38.1.0

Node

novellsuse_linux_enterprise_software_development_kitMatch12.0

novellsuse_linux_enterprise_desktopMatch12.0

novellsuse_linux_enterprise_serverMatch11sp4

novellsuse_linux_enterprise_serverMatch12.0

VendorProductVersionCPE
oraclesolaris11.3cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
mozillafirefox_esr31.0cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*
mozillafirefox_esr31.1cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*
mozillafirefox_esr31.1.0cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*
mozillafirefox_esr31.1.1cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*
mozillafirefox_esr31.2cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*
mozillafirefox_esr31.3cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*
mozillafirefox_esr31.3.0cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*
mozillafirefox_esr31.4cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*
mozillafirefox_esr31.5cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	solaris	11.3	cpe:2.3:o:oracle:solaris:11.3:::::::*
mozilla	firefox_esr	31.0	cpe:2.3:a:mozilla:firefox_esr:31.0:::::::*
mozilla	firefox_esr	31.1	cpe:2.3:a:mozilla:firefox_esr:31.1:::::::*
mozilla	firefox_esr	31.1.0	cpe:2.3:a:mozilla:firefox_esr:31.1.0:::::::*
mozilla	firefox_esr	31.1.1	cpe:2.3:a:mozilla:firefox_esr:31.1.1:::::::*
mozilla	firefox_esr	31.2	cpe:2.3:a:mozilla:firefox_esr:31.2:::::::*
mozilla	firefox_esr	31.3	cpe:2.3:a:mozilla:firefox_esr:31.3:::::::*
mozilla	firefox_esr	31.3.0	cpe:2.3:a:mozilla:firefox_esr:31.3.0:::::::*
mozilla	firefox_esr	31.4	cpe:2.3:a:mozilla:firefox_esr:31.4:::::::*
mozilla	firefox_esr	31.5	cpe:2.3:a:mozilla:firefox_esr:31.5:::::::*