1. Home
  2. Vulnerabilities
  3. CVE-2015-2722

CVE-2015-2722

CVSS v2.0 10 (High)
100% Progress
EPSS 4.47 % (93th)
4.47% Progress
Affected Products 6
Advisories 10
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.

Weaknesses
CWE-NVD-Other
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2015-07-06 02:00:54
(9 years ago)
Updated Date
2023-09-12 14:55:31
(12 months ago)

Affected Products

Mozilla

Novell

Oracle

Configuration #1

    CPE23 From Up To
  Oracle Solaris 11.3 cpe:2.3:o:oracle:solaris:11.3

Configuration #2

    CPE23 From Up To
  Mozilla Firefox Esr 31.0 cpe:2.3:a:mozilla:firefox_esr:31.0
  Mozilla Firefox Esr 31.1 cpe:2.3:a:mozilla:firefox_esr:31.1
  Mozilla Firefox Esr 31.1.0 cpe:2.3:a:mozilla:firefox_esr:31.1.0
  Mozilla Firefox Esr 31.1.1 cpe:2.3:a:mozilla:firefox_esr:31.1.1
  Mozilla Firefox Esr 31.2 cpe:2.3:a:mozilla:firefox_esr:31.2
  Mozilla Firefox Esr 31.3 cpe:2.3:a:mozilla:firefox_esr:31.3
  Mozilla Firefox Esr 31.3.0 cpe:2.3:a:mozilla:firefox_esr:31.3.0
  Mozilla Firefox Esr 31.4 cpe:2.3:a:mozilla:firefox_esr:31.4
  Mozilla Firefox Esr 31.5 cpe:2.3:a:mozilla:firefox_esr:31.5
  Mozilla Firefox Esr 31.5.1 cpe:2.3:a:mozilla:firefox_esr:31.5.1
  Mozilla Firefox Esr 31.5.2 cpe:2.3:a:mozilla:firefox_esr:31.5.2
  Mozilla Firefox Esr 31.5.3 cpe:2.3:a:mozilla:firefox_esr:31.5.3
  Mozilla Firefox Esr 31.6.0 cpe:2.3:a:mozilla:firefox_esr:31.6.0
  Mozilla Firefox Esr 31.7.0 cpe:2.3:a:mozilla:firefox_esr:31.7.0
  Mozilla Firefox Esr 38.0 cpe:2.3:a:mozilla:firefox_esr:38.0

Configuration #3

    CPE23 From Up To
  Mozilla Firefox 38.1.0 and prior versions cpe:2.3:a:mozilla:firefox <= 38.1.0

Configuration #4

    CPE23 From Up To
  Novell Suse Linux Enterprise Software Development Kit 12.0 cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0
  Novell Suse Linux Enterprise Desktop 12.0 cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0
  Novell Suse Linux Enterprise Server 11 SP4 cpe:2.3:o:novell:suse_linux_enterprise_server:11:sp4
  Novell Suse Linux Enterprise Server 12.0 cpe:2.3:o:novell:suse_linux_enterprise_server:12.0