CVE-2015-4488

{"id": "CVE-2015-4488", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-08-16T01:59:16.160", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00030.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00031.html", "source": "security@mozilla.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1586.html", "source": "security@mozilla.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1682.html", "source": "security@mozilla.org"}, {"url": "http://www.debian.org/security/2015/dsa-3333", "source": "security@mozilla.org"}, {"url": "http://www.debian.org/security/2015/dsa-3410", "source": "security@mozilla.org"}, {"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-90.html", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1033247", "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1033372", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2702-1", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2702-2", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2702-3", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2712-1", "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1176270", "tags": ["Issue Tracking"], "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/201605-06", "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la memoria en la clase StyleAnimationValue en Mozilla Firefox en versiones anteriores a 40.0, Firefox ESR 38.x en versiones anteriores a 38.2 y Firefox OS en versiones anteriores a 2.2, permite a atacantes remotos tener un impacto desconocido mediante el aprovechamiento de una autoasignaci\u00f3n de StyleAnimationValue::operator."}], "lastModified": "2024-10-22T13:42:14.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40AB4FC4-00EA-4C4E-81D8-170BD068B28B", "versionEndIncluding": "39.0.3"}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35BF0AFB-26BA-4BEA-B6B8-11CF88E951DE"}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F007CC6-9391-4E1C-A747-F3DE5E572FA5"}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45E9641F-430C-4B3A-BD63-EC13DBD3D1E4"}, {"criteria": "cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AADD23B-A8AF-4679-990D-C29A1D6EB5CD"}, {"criteria": "cpe:2.3:o:mozilla:firefox_os:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F831592-3C33-42CD-892B-D6CDE7C486C4"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "sourceIdentifier": "security@mozilla.org"}