CVE-2015-7204

CVSS v2.0 6.8 (Medium)

EPSS 3.83 % (92^th)

Affected Products 4

Advisories 3

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.

Weaknesses

CWE-17: DEPRECATED: Code

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2015-12-16 11:59:03
(8 years ago)
Updated Date: 2018-10-30 16:27:35
(5 years ago)

Affected Products

Fedoraproject

Fedora

Mozilla

Firefox

Opensuse

Configuration #1

		CPE23	From	Up To
	Opensuse Leap 42.1	cpe:2.3:o:opensuse:leap:42.1
	Opensuse 13.1	cpe:2.3:o:opensuse:opensuse:13.1
	Opensuse 13.2	cpe:2.3:o:opensuse:opensuse:13.2

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 22	cpe:2.3:o:fedoraproject:fedora:22
	Fedoraproject Fedora 23	cpe:2.3:o:fedoraproject:fedora:23

Configuration #3

	CPE23	Up To
Mozilla Firefox 42.0 and prior versions	cpe:2.3:a:mozilla:firefox	<= 42.0
Mozilla Firefox 41.0	cpe:2.3:a:mozilla:firefox:41.0
Mozilla Firefox 41.0.1	cpe:2.3:a:mozilla:firefox:41.0.1
Mozilla Firefox 41.0.2	cpe:2.3:a:mozilla:firefox:41.0.2