Vulnerability Details : CVE-2015-4473
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2015-4473
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4473
2.47%
Probability of exploitation activity in the next 30 days
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4473
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
CWE ids for CVE-2015-4473
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4473
- http://www.ubuntu.com/usn/USN-2712-1
  USN-2712-1: Thunderbird vulnerabilities | Ubuntu security notices (Broken Link)
- http://www.debian.org/security/2015/dsa-3333
  Debian -- Security Information -- DSA-3333-1 iceweasel (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html
  openSUSE-SU-2015:1454-1: moderate: Security update for MozillaThunderbir (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
  [security-announce] SUSE-SU-2015:1449-1: important: Security update for (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
  [security-announce] openSUSE-SU-2015:1390-1: important: Security update (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  Oracle Solaris Bulletin - April 2016 (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1586.html
  RHSA-2015:1586 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1146213
  1146213 - Crash [@ js::NativeObject::setSlot] with off-thread compilation (Issue Tracking; Vendor Advisory)
- http://www.debian.org/security/2015/dsa-3410
  Debian -- Security Information -- DSA-3410-1 icedove (Third Party Advisory)
- http://www.mozilla.org/security/announce/2015/mfsa2015-79.html
  Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) — Mozilla (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
  [security-announce] openSUSE-SU-2015:1389-1: important: Security update (Third Party Advisory)
- https://security.gentoo.org/glsa/201605-06
  Mozilla Products: Multiple vulnerabilities (GLSA 201605-06) — Gentoo security (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2702-1
  USN-2702-1: Firefox vulnerabilities | Ubuntu security notices (Broken Link)
- http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html
  openSUSE-SU-2015:1453-1: moderate: Security update for MozillaThunderbir (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
  [security-announce] SUSE-SU-2015:1528-1: important: Security update for (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
  [security-announce] SUSE-SU-2015:2081-1: important: Security update for (Third Party Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1182711
  1182711 - Crash [@ js::ScopeIter::operator++] or Assertion failure: ssi_.type() == StaticScopeIter<CanGC>::Function, at vm/ScopeObject.cpp (Issue Tracking; Vendor Advisory)
- http://www.ubuntu.com/usn/USN-2702-3
  USN-2702-3: Firefox regression | Ubuntu security notices (Broken Link)
- http://www.securitytracker.com/id/1033247
  Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Obtain Potentially Sensitive Information, Bypass Security Restrictions, and Conduct Cross-Site Scripting Attacks - SecurityTrack (Third Party Advisory; VDB Entry)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1178890
  1178890 - TimerThread::DoAfterSleep() seems to not be threadsafe (Issue Tracking; Vendor Advisory)
- http://www.securitytracker.com/id/1033372
  Mozilla Thunderbird Multiple Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.ubuntu.com/usn/USN-2702-2
  USN-2702-2: Ubufox update | Ubuntu security notices (Broken Link)
- http://rhn.redhat.com/errata/RHSA-2015-1682.html
  RHSA-2015:1682 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)