Show plain JSON{"id": "CVE-2015-2733", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-07-06T02:01:02.937", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html", "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html", "source": "security@mozilla.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1207.html", "source": "security@mozilla.org"}, {"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-65.html", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "tags": ["Third Party Advisory"], "source": "security@mozilla.org"}, {"url": "http://www.securityfocus.com/bid/75541", "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1032783", "source": "security@mozilla.org"}, {"url": "http://www.securitytracker.com/id/1032784", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2656-1", "source": "security@mozilla.org"}, {"url": "http://www.ubuntu.com/usn/USN-2656-2", "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1169867", "tags": ["Issue Tracking"], "source": "security@mozilla.org"}, {"url": "https://security.gentoo.org/glsa/201512-10", "source": "security@mozilla.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n CanonicalizeXPCOMParticipant en Mozilla Firefox anterior a 39.0 y Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran el adjunto de un objeto XMLHttpRequest a un trabajador dedicado."}], "lastModified": "2016-12-28T02:59:08.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "639EAD72-0505-4B4E-8693-9E653A30A334", "versionEndIncluding": "38.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "992DDB6B-F32C-4E80-B386-EB1643D079E4"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D7AAC77-57A3-4747-B760-0EE3CD53E4DE"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19837144-FBCC-4B36-BAF4-FCD9F9C2AAE5"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0DB1BAA-3729-48BD-A8D0-5BBF3D4ABDE6"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DCA6959-24B7-4F86-BE25-0A8A7C1A3D13"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "697EA344-F982-4E9F-9EC8-CCCB5829582B"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C699284-7876-4C8D-B259-B97C60C9A349"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61304847-1DC8-442C-8194-28E52B3C1293"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DF9724E-93B2-4BC7-8181-6D9521A6CC37"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C9244A7-665A-48DE-89C9-C76E7A4556F5"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E6787E1-0523-49B7-B9B3-74F2D43DB714"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA842900-6ABD-4493-A5FF-C8840B081190"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DAF8682-9B5E-4DE7-AEB0-71D5E4E6E01C"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:31.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7AA9780-4512-4B76-BDBB-BB702535ECBD"}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:38.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A1DD76B-7682-4F61-B274-115D8A9B5306"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FB716E7-18DA-4EAF-95BE-916443D94A8F"}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA04C9F1-6257-4D82-BA0B-37DE66D94736"}, {"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C384D0B6-8A5C-45CA-8CD9-7F4E967FE4F0"}], "operator": "OR"}]}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "sourceIdentifier": "security@mozilla.org"} 