CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
96.5%
Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla
Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote
attackers to execute arbitrary code via crafted JavaScript code that
modifies the URI table of a media element, aka ZDI-CAN-3176.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | firefox | < 41.0+build3-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | firefox | < 41.0+build3-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 15.04 | noarch | firefox | < 41.0+build3-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | thunderbird | < 1:38.3.0+build1-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | thunderbird | < 1:38.3.0+build1-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 15.04 | noarch | thunderbird | < 1:38.3.0+build1-0ubuntu0.15.04.1 | UNKNOWN |