Vulnerability Details : CVE-2015-4497
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element.
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2015-4497
- cpe:2.3:a:mozilla:firefox:40.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:38.2.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4497
- EPSS score: 18.69% (probability of exploitation activity in the next 30 days)
- Percentile: ~96% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-4497
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
References for CVE-2015-4497
- https://bugzilla.mozilla.org/show_bug.cgi?id=1164766
  1164766 - (CVE-2015-4497) use-after-free (& crash) after style flush in CanvasRenderingContext2D (which causes destruction of nsIPresShell)
- http://www.debian.org/security/2015/dsa-3345
  Debian -- Security Information -- DSA-3345-1 iceweasel
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  Oracle Solaris Bulletin - April 2016
- https://bugzilla.mozilla.org/show_bug.cgi?id=1175278
  1175278 - ZDI-CAN-2938: Mozilla Firefox nsIPresShell Use-After-Free Remote Code Execution Vulnerability
- http://www.securitytracker.com/id/1033397
  Mozilla Firefox Use-After-Free in nsIPresShell Lets Remote Users Execute Arbitrary Code - SecurityTracker
- http://www.securityfocus.com/bid/76502
  Mozilla Firefox CVE-2015-4497 Use After Free Denial of Service Vulnerability
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00000.html
  openSUSE-SU-2015:1492-1: moderate: Security update for MozillaFirefox
- http://www.zerodayinitiative.com/advisories/ZDI-15-406
  ZDI-15-406 | Zero Day Initiative
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html
  [security-announce] SUSE-SU-2015:1504-1: important: Security update for
- http://www.mozilla.org/security/announce/2015/mfsa2015-94.html
  Use-after-free when resizing canvas element during restyling — Mozilla (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html
  [security-announce] SUSE-SU-2015:2081-1: important: Security update for
- http://rhn.redhat.com/errata/RHSA-2015-1693.html
  RHSA-2015:1693 - Security Advisory - Red Hat Customer Portal
- http://www.ubuntu.com/usn/USN-2723-1
  USN-2723-1: Firefox vulnerabilities | Ubuntu security notices