CVE-2015-4509
Published Sep 24, 2015
Last updated 24 days ago
Overview
- Description
- Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.
- Source
- security@mozilla.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1343A1FD-98CF-4A6C-A697-1253E538FD5C"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D098567-B55E-4EAC-8FAA-31FAFDD4058F"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE0389BC-D295-4957-8AE7-EDAC770F596D"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EE7B0EF-4A3A-4353-8B50-6F28B5CADBDB",
"versionEndIncluding": "40.0.3"
}
],
"operator": "OR"
}
]
}
]