CVE-2015-0804
CVSS v2.0
7.5 (High)
EPSS
3.79 % (92th)
Affected Products
3
Advisories
3
The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document containing a SOURCE element.
Weaknesses
- CWE-264
- Permissions, Privileges, and Access Controls
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2015-04-01 10:59:05
(9 years ago) - Updated Date
-
2018-10-30 16:27:35
(5 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...