CVE-2015-4509
Mozilla Firefox HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.
Vulnerabilidad de uso después de liberación en la memoria en la interfaz HTMLVideoElement en Mozilla Firefox en versiones anteriores a 41.0 y Firefox ESR 38.x en versiones anteriores a 38.3, permite a atacantes remotos ejecutar código arbitrario a través de código JavaScript que modifica la tabla URI de un elemento media, también conocida como ZDI-CAN-3176.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of media objects. By manipulating a document's elements an attacker can cause a HTMLVideoElement object in memory to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-06-10 CVE Reserved
- 2015-09-23 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/76816 | Vdb Entry | |
| http://www.securitytracker.com/id/1033640 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-15-646 | X_refsource_misc |
|
| https://bugzilla.mozilla.org/show_bug.cgi?id=1198435 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.0.5 Search vendor "Mozilla" for product "Firefox Esr" and version "38.0.5" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.1.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.1.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.1.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.1.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.2.0 Search vendor "Mozilla" for product "Firefox Esr" and version "38.2.0" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | 38.2.1 Search vendor "Mozilla" for product "Firefox Esr" and version "38.2.1" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 40.0.3 Search vendor "Mozilla" for product "Firefox" and version " <= 40.0.3" | - |
Affected
| ||||||