CVE-2015-7196

CVSS v2.0 6.8 (Medium)

EPSS 9.00 % (95^th)

Affected Products 2

Advisories 9

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.

Weaknesses

CWE-17: DEPRECATED: Code

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-11-05 05:59:20
(8 years ago)
Updated Date: 2016-12-07 18:23:15
(7 years ago)

Affected Products

Mozilla

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 41.0.2 and prior versions	cpe:2.3:a:mozilla:firefox		<= 41.0.2

Configuration #2

		CPE23	From	Up To
	Mozilla Firefox Esr 38.0	cpe:2.3:a:mozilla:firefox_esr:38.0
	Mozilla Firefox Esr 38.0.1	cpe:2.3:a:mozilla:firefox_esr:38.0.1
	Mozilla Firefox Esr 38.0.5	cpe:2.3:a:mozilla:firefox_esr:38.0.5
	Mozilla Firefox Esr 38.1.0	cpe:2.3:a:mozilla:firefox_esr:38.1.0
	Mozilla Firefox Esr 38.1.1	cpe:2.3:a:mozilla:firefox_esr:38.1.1
	Mozilla Firefox Esr 38.2.0	cpe:2.3:a:mozilla:firefox_esr:38.2.0
	Mozilla Firefox Esr 38.2.1	cpe:2.3:a:mozilla:firefox_esr:38.2.1
	Mozilla Firefox Esr 38.3.0	cpe:2.3:a:mozilla:firefox_esr:38.3.0