Vulnerability Details : CVE-2015-0815
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2015-0815
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0815
1.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0815
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2015-0815
-
http://www.securitytracker.com/id/1031996
Mozilla Firefox Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, and Obtain Potentially Sensitive Information - SecurityTracker
-
https://security.gentoo.org/glsa/201512-10
Mozilla Products: Multiple vulnerabilities (GLSA 201512-10) — Gentoo security
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1137326
1137326 - Avoid compartment iterator invalidation
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Oracle Solaris Third Party Bulletin - April 2015
-
http://www.mozilla.org/security/announce/2015/mfsa2015-30.html
Miscellaneous memory safety hazards (rv:37.0 / rv:31.6) — MozillaVendor Advisory
-
http://www.securityfocus.com/bid/73466
Mozilla Firefox Firefox ESR and Thunderbird CVE-2015-0815 Multiple Memory Corruption Vulnerabilities
-
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html
[security-announce] openSUSE-SU-2015:0892-1: important: Update to Firefo
-
http://www.ubuntu.com/usn/USN-2552-1
USN-2552-1: Thunderbird vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00006.html
[security-announce] SUSE-SU-2015:0704-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
[security-announce] openSUSE-SU-2015:1266-1: important: Mozilla (Firefox
-
http://rhn.redhat.com/errata/RHSA-2015-0771.html
RHSA-2015:0771 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2015-0766.html
RHSA-2015:0766 - Security Advisory - Red Hat Customer Portal
-
http://www.debian.org/security/2015/dsa-3212
Debian -- Security Information -- DSA-3212-1 icedove
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1036515
1036515 - Refcounting on nsTimerImpl is not actually threadsafe
-
http://www.debian.org/security/2015/dsa-3211
Debian -- Security Information -- DSA-3211-1 iceweasel
-
http://www.securitytracker.com/id/1032000
Mozilla Thunderbird Flaws Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Request Forgery Attacks - SecurityTracker
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1138199
1138199 - Crash [@ js::ConstraintTypeSet::sweep] or Assertion failure: addr % CellSize == 0, at gc/Heap.h:1229 with runOffThreadScript
-
http://www.ubuntu.com/usn/USN-2550-1
USN-2550-1: Firefox vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html
[security-announce] openSUSE-SU-2015:0677-1: important: Security update
Jump to